Thanks, and right... I don't expect maliciousness on fly's part. But you'd be surprised (or not) how many goog products phone home with anything they can find. In fact it might be called a "business model" of some sort.
Google's SSO can't really phone home. You're either using SAML or OAuth; in either scenario, the information flow is Google --> the app you're SSOing into; name, email, and user group information.
If you're SSOing into, say, AWS, Google doesn't get any access or private info out of AWS in the flow.
If you're SSOing into, say, AWS, Google doesn't get any access or private info out of AWS in the flow.