In an effort to prove to myself that I am actually trying to do work
this last month, I’m making a note of all the bugs in 3rd party software I find.
Today is a bug reported to Monzo Bank Ltd (referral link) on the 14th June 2022 where I, as a Plus customer, should have had the ability to export transactions to Google Sheets but was unable to do so due to my participation in Google’s Advanced Protection Programme. This issue was closed on the 16th of June basically say “can’t/won’t fix” 🙁
Initial Bug Report
Hi, I’m a Monzo Plus customer trying to setup auto-export of transactions to Google Sheets.
I select the Export setting, click through the explainer, click “Sign in with Google”, select my personal “Advanced Protection Programme” Google Account, and then Monzo says “Could not connect to Google” and I’m unable to continue.
After 10 minutes, I was bounced to a specialist to look into it and then 4 hours later was asked to try a few troubleshoot steps:
Can we go over a couple troubleshooting steps incase its a small error with the app?
Please can you (if you haven’t already) delete and reinstall the app, could you also try connecting from your data rather than Wi-Fi and seeing if that works?
This I did (and, as I expected it made no difference) so I replied:
I’ve just tried an uninstall and reinstall without any difference (and I have had this issue for a few months, but just didn’t bother investigating it).
HOWEVER, I did try logging into 2 different Google G Suite accounts: one whose account also has the “Advanced Protection Program” enabled and that failed – the other (which hasn’t got it enabled) DID then prompt me to give Monzo permissions to access the account.
I would guess, therefore, the permissions being requested by Monzo to Google are “too loose/relaxed” and are being blocked under the APP – and the Monzo app isn’t gracefully handling the Oauth error response (this is actually confirmed by cancelling the permissions prompt which gives the same “Unable to contact Google” error)
I was in correspondence with my 5th support advisor at Monzo about this who then wanted to confirm:
I’ll get this escalated over to over engineer’s to look into further.
Before I do that, can I just double check I’ve understood correctly – so it seems if you have “Advanced Protection Program” enabled then it causes it to fail but if it isn’t enabled this will then allow you to give permission to access the account?
And I confirmed the findings:
That is correct:
The grant scope /auth/spreadsheets was added to Google’s “Sensitive Scope” list in 2019 – if it’s changed to “/auth/drive.file” (meaning the app can only access files it has created and not all sheets)
And then the support advisor replied:
Okay great, thanks for confirming Richard. I’ll get this escalated to the engineers to see if they’re aware of this and see if there’s anything that can be done.
I’ve just had a response back and we don’t think we can support auto-exports under the advanced protection program unfortunately. There’s no lee-way on this as Google explicitly states they block practically all third party access to Google Drive under this programme:
Most non-Google apps and services are blocked
Advanced Protection stops most non-Google apps and services from accessing data like your Google Drive and Gmail data. That way, your data is better protected against harmful or unsecure access.
After you turn on Advanced Protection, you can allow these apps and services to access your Google data:
– All Google apps and services
– Apple Mail, Calendar, and Contacts apps on iOS and macOS
– Mozilla Thunderbird
– Desktop email clients that access Gmail directly
You can read more about this here
Unfortunately it doesn’t look like this is something we can control on our side or build a workaround for.
Disappointing – I feel like there was something they could have potentially done – such as changing the oAuth grant request as I suggested. It’s incorrect to say that the Google Advanced Protection program totally locks third party apps out of integration.
I can use oAuth to login to most sites, I’ve got Slack integrating with Google Calendar (so any calendar entries get posted to either a channel in Slack or my personal Slack chat), I’ve got integrations with IFTTT so routines etc, I’ve just been able to connect the WordPress plugins CF7 Google Sheets Connector , WooCommerce Google Sheet Connector without problems (okay, the integration wasn’t brilliant in those, but it proves it is possible).