Getting "macOS wants to access your Google account" prompt? Here's what you should know

Identity verification is a complex task since the inception of modern society. The amount of privacy woes related to unique identifier as well as eventual identity thefts are rising day by day; mainly because of the inherent entanglements in the societal structure.

The discovery of the internet and online ‘virtual’ identities added more spice in this topic. Well, my mother’s maiden name could be a viable way of verifying my identity, but there are some side effects as well.

xkcd_security_question
Image source: xkcd #565

At the beginning of communication over internet, setting up a nickname should be enough create a (virtual) identity. With time, new services started to appear which combined email, messaging, calling, shopping and a lot more domains under one umbrella. Nicks were not enough to handle the bubble.

While email addresses combined with additional levels of verification (popularly known as Multi-factor authentication aka MFA) are proven to be viable alternatives of typical online identity validation, end users are facing troubles to handle multiple accounts.

openid_terminology
OpenID: a decentralized authentication protocol

To mitigate the issue, developers came up with open and decentralized authentication protocols such as OpenID and OAuth. With the help of these methods, one can use several online services using a single online identity. For example, you can connect with Google services using your Apple devices.

However, macOS users recently faced a major roadblock while trying to access their Gmail accounts using the built-in Apple Mail app. The authentication seemed to be broken, resulted in an infinite verification loop.

authentication-notification

PiunikaWeb highlighted the topic in this article, where we also mentioned the fix of this bug pushed by Apple in the updated Mail app via latest beta of macOS.

Interestingly, a huge chunk of Mac users are getting this weird message about macOS accessing their Google account data via their Gmail account since the same period of time. Looking fishy (or phishing), isn’t it?

macos_access_google_account
Source

As a matter of fact, this prompt is universal for every Mojave (to be specific, 10.14.4 and above) user. People affected by the authentication bug also got the same notification.

Just updated to Mojave 10.14.4. The only previous connection between any Google accounts I have and my Apple world is sharing my Google calendar with my Apple calendar (I can see on all my devices).

Now I’m getting a request in Mac OS calendar to enter the password for the Google account. “Google requires completing authentication”. The pop-up opens safari and takes me to a page that says macOS wants the ability to do all of these (no pick-and-choose possible):

– Read, compose, send, and permanently delete all your email from Gmail (not necessary – I don’t use Apple mail on the Mac for access to my Gmail)

– See, edit, download, and permanently delete your contacts (um, no. In any case, my contacts are already in iCloud)

– See, edit, share, and permanently delete all the calendars you can access using Google Calendar (this is what I’m looking for, although I really just want to “see”. The rest is unnecessary)

– View and send chat messages (not needed)

As you can see, the extra level of authentication is not just about emails. Elements like the contacts synced with Google or your calendar entries now require you to specifically grant access to be accessed from a third party app/service (in this case, macOS).

Yes, I believe it is legitimate. It was connected with Google Notes. (I disabled google notes and then re-instated and it asked to connect with Macos.)

When I blocked Macos, I no longer had access to Google Notes on my iMac.

(Source)

bkennelly, a Platinum Product Expert of Gmail community, confirmed that the prompt was an after effect of full fledged OAuth2 authentication support in macOS.

It looks legitimate. I am going to ask around, but it looks like MacOS is finally supporting OAuth2 authentication, as iOS has for some time.

(Source)

Apple community members seconded the claim as well.

macos_mojave_oauth2_google

Digging a little deeper, we can reassert the same thing. Google recently changed the 2-Step verification process for G Suite, which should directly affect the users.

gsuite_2fa_verification_march_2019_changes

Different screens on different browsers: You may see different flows on Chrome, Safari, Firefox, Edge, and other browsers. Previously the service provider (Google) was responsible for showing these dialogs. Now the web browser is responsible. As a result, the flow may be different on each browser.

Delivering the authentication dialogue via browser indeed streamlines the verification process, but the obscure documentation can make it scary for end users – as we have seen in the aforementioned threads.

Rest assured, your Google account data should be fine.

PiunikaWeb is a unique initiative that mainly focuses on investigative journalism. This means we do a lot of hard work to come up with news stories that are either ‘exclusive,’ ‘breaking,’ or ‘curated’ in nature. Perhaps that’s the reason our work has been picked by the likes of Forbes, Foxnews, Gizmodo, TechCrunch, Engadget, The Verge, Macrumors, and more. Do take a tour of our website to get a feel of our work. And if you like what we do, stay connected with us on Twitter (@PiunikaWeb) and other social media channels to receive timely updates on stories we publish.

Want to work for PiunikaWeb and enjoy best-in-industry compensation & benefits? You'll be glad to know we're hiring experienced candidates.

Tags :

Kingshuk De

I came from a mixed background of Statistics and Computer Science. My research domains included embedded computer systems, mobile computing and delay tolerant networks in post-disaster scenarios. Apart from tinkering with gadgets or building hackintosh, I like to hop on various subreddits and forums like MyDigitalLife and XDA.