New Google Contacts API Taps Your Gmail Address Book
Google has rolled out a new Contacts API which will allow developers to access your Google contacts without you needing to grant full access to your account. Prior to the new API, sites that wanted to harvest your contact data (Facebook for example) needed your Gmail login information.
If handing over your e-mail login info to a third party strikes you as a bad idea (and it should), the Google Contacts API is what you’d been waiting for.
Using the API, Facebook can now re-write its import script so that you would be forwarded to a Google login page to grant the application access to your contact list. Facebook itself would never actually know your login information, it would simple get a token allowing it to grab your contact data and move on.
While this is welcome news for anyone who’s ever skipped on importing their address book because they were worried about handing out login credentials, it’s not without some drawbacks.
First off it’s disappoint to note that Google has opted to use the AuthSub system instead of the more open oAuth protocol championed by the DataPortability group (of which Google is a prominent member).
Another possible reason for concern is how susceptible this is to phishing attacks. For instance, it seems like it wouldn’t be too hard to craft a malicious site that looks like a Google authentication page, but actually grabs your username and password. Of course that’s always a problem and certainly not a result of the API itself.
The last thing that makes this perhaps less than ideal has to do with the way Gmail creates contacts. As Ionut Alex Chitu over at Google Operating System writes, “the problem is that your Google contacts aren’t always your contacts: they’re mostly a bunch of people automatically added by Gmail because you replied to their messages.”
When it comes to importing contact data into social networks sites or your Outlook address book that potentially means a fair amount of unwanted addresses coming in from Gmail.
For instance, the screenshot above shows the roughly 150 people that I’ve added to Gmail (and sorted into groups), but Gmail is storing almost double that number. While it’s not a problem within the Gmail interface, since I can still get to what I want quickly and ignore the rest, the extra data may cause problems in desktop clients that don’t offer they same level of organization.
Still, the new Contacts API is welcome news, both for those tired of handing out login info and those looking for tools to sync data between their Google account and desktop PIM clients. Although there’s nothing on tap for the launch, we have no doubt that third party apps will starting popping up soon. Eventually there will probably be options for just about every desktop contact manager around.