|
|
|
|
|
|
by judge2020
1991 days ago
|
|
|
If you mean the one that's used on your phone to access everything, yes, although it doesn't bypass the email alert (the linked clickbait goes into how they have to click "allow device" on their already-signed-in phone). When you log into either the Google.com website or into an Android device your token needs permission to do everything you'd expect to do as a user - gmail, drive, etc. This attack is basically a browser MITM which captures that token and (theoretically) ships it off to a server for malicious usage/storage. Or, if you mean "can Google employees read my email", then they can since almost no Google service is end-to-end encrypted (although you can e2ee Chrome sync[0]). Gmail, Drive, and Docs are completely unencrypted unless you use encryption on top of it (like with rclone[1] or cryptomator[2]). 0: https://support.google.com/chrome/answer/165139?co=GENIE.Pla.... 1: https://www.section.io/engineering-education/encrypting-gdri... 2: https://cryptomator.org/ |
|
|