Just got a Roku XD, and it's awesome! I have a question though in regards to the security of login information with Private channels, specifically the Picasa channel.
After entering the link code on the developer's website (which I found uncomfortable vs. linking from a google site), I was prompted to enter my Google login with a warning that a 3rd party was trying to access my account. I stopped there because I wasn't sure if the developer's site was making use of my login info or if it was still private.
So my questions are:
1.) Where does the login info reside, and is it secure?
2.) Does the developer have access to the login info?
I appreciate any feedback!
After entering the link code on the developer's website...
At the google login page, I get the message "A third party service is requesting permission to access your Google account".
No it isn't(well, not JUST the Roku). The developer of the Picasa Channel, Chris Hoffman, implemented a Google App Engine site to ease the setup process . Here is his support thread: viewtopic.php?t=30575kc8pql wrote:At the google login page, I get the message "A third party service is requesting permission to access your Google account".
That would be your Roku.
hoffmcs wrote:Bryce_V wrote:I was curious about privacy. You have access to our accounts, so what does that mean? Can you view our pictures or do other nefarious things? I'm not saying you would.... I just don't know how much power is allowed with the access granted.
I do not have any access to your account. I specifically set up the authentication process to be very secure. All authentication keys are only accessible on your Roku box and you only have to enter your password on a Google webpage. The only reason you are going to a website on my domain is for convenience instead of entering these long jumbles of letters, numbers, and symbols. Authentication uses an industry standard process called Oauth. If you ever think something nefarious is going on, you can always revoke access on this page https://www.google.com/accounts/b/0/IssuedAuthSubTokens.