Data security in the GA4 Auditor

If you grant a third-party tool access to your Google Analytics data, the question rightly arises: How secure is my data? What happens if the tool is compromised?

We take these questions very seriously. This article explains the security measures we have implemented to protect your data.

OAuth 2.0: Secure authentication via Google

GA4 Auditor uses the industry-standard OAuth 2.0 authentication via Google. This means:

  • No password stored with us: You log in directly to Google. We do not see your password at any time.
  • Google manages your access data: Authentication runs entirely via Google servers.
  • Revocable at any time: You can revoke access at any time in your Google account under Security > Third-party apps.

Minimum authorizations (least privilege principle)

We only request the authorizations that are actually required for the function of the app:

Authorization | Purpose
openid | Authentication via Google (standard)
email | Identification of your Google account
analytics.readonly | Read access to GA4 data and configuration
bigquery.readonly | Read access for BigQuery queries

What these authorizations mean:

  • Read-only access to GA4 (analytics.readonly): We can read your GA4 configuration and reports, but cannot change or delete anything.
  • Read-only access to BigQuery (bigquery.readonly): For the extended checks (duplicates, session analyses, e-commerce checks), we only perform read-only queries on your BigQuery export.
  • No admin rights: We have no authorization to configure your GA4 properties, manage users or change settings.

Even if an attacker were to gain access to our systems, the existing authorizations would not allow them to:

  • Make any changes to your GA4 properties
  • Write, delete or modify data in BigQuery
  • Misuse credentials (as we do not store tokens persistently)

Temporary access tokens without persistent storage

This is where we differ from many other applications: We do not store any long-lived access tokens in our database.

This is how it works:

  1. Short-lived access tokens: The access tokens issued by Google are only valid for about one hour.
  2. Refresh tokens only in the active session: Refresh tokens, which are required to renew access, only exist in the server’s working memory during your active session. They are not stored in the database.
  3. Automatic session timeout: After 60 minutes of inactivity, your session is automatically terminated and all tokens are deleted.
  4. Server restart = tokens gone: When the server is restarted, all active sessions become invalid. You simply have to log in again.
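
The token lifecycle described in the four steps above, as an added sketch that is not GA4 Auditor's own code. The class name, method names and the injectable clock are hypothetical; only the 60-minute idle timeout and the memory-only storage come from this article.

```python
import secrets
import time

IDLE_TIMEOUT_SECONDS = 60 * 60  # 60 minutes of inactivity, as stated in the article


class InMemorySessionStore:
    """Hypothetical store: refresh tokens live only in process memory, never in a database."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock      # injectable so the timeout can be tested without waiting
        self._sessions = {}      # session_id -> {"refresh_token", "last_seen"}

    def create(self, refresh_token):
        """Register a new session and return its unguessable identifier."""
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = {
            "refresh_token": refresh_token,
            "last_seen": self._clock(),
        }
        return session_id

    def get_refresh_token(self, session_id):
        """Return the token for an active session, or None if unknown or timed out."""
        entry = self._sessions.get(session_id)
        if entry is None:
            return None
        if self._clock() - entry["last_seen"] >= IDLE_TIMEOUT_SECONDS:
            self.destroy(session_id)  # idle too long: drop the token immediately
            return None
        entry["last_seen"] = self._clock()  # activity resets the idle timer
        return entry["refresh_token"]

    def destroy(self, session_id):
        """Delete a session and its token (logout or timeout)."""
        self._sessions.pop(session_id, None)

    def purge_expired(self):
        """Drop idle sessions that were never requested again; returns the number removed."""
        now = self._clock()
        expired = [sid for sid, entry in self._sessions.items()
                   if now - entry["last_seen"] >= IDLE_TIMEOUT_SECONDS]
        for sid in expired:
            self.destroy(sid)
        return len(expired)

    def active_count(self):
        return len(self._sessions)
```

Because the dictionary exists only inside the running process, a restart begins with an empty store, and a database dump contains no entry that could be replayed against Google.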

What does this mean for security?

If an attacker gains access to our database, they will not find any usable access tokens. They will not be able to authenticate with Google or access your GA4 data.

Data economy

  • GA4 raw data is not saved permanently: Analyses are performed at runtime and the results are displayed. We do not store a copy of your GA4 data.
  • Property IDs are not saved: The IDs of your GA4 properties are not stored in our database. They are only loaded from the Google API at runtime and used for queries.
  • Settings are linked anonymously: If you save user-defined settings for a property (e.g. expected events), the assignment is made using a non-reversible hash. In the event of a database breach, it is not possible to determine which property the settings belong to.

Encryption and infrastructure

  • HTTPS encryption: All connections to our app are encrypted.
  • Signed session cookies: The session management uses cryptographically signed cookies.
  • Hosting in the EU: The application is operated in European data centers (GDPR-compliant).

What you can do yourself

Revoke access at any time

You can revoke the GA4 Auditor’s access to your Google account at any time:

  1. Open https://myaccount.google.com/permissions
  2. Search for “GA4 Auditor” in the list
  3. Click on “Remove access”

After revocation, the app can no longer access your GA4 data. You will have to authenticate yourself again the next time you visit and grant the authorization again.

Summary

Security measure | Description
OAuth 2.0 | Authentication via Google, no password with us
Read-only access | analytics.readonly and bigquery.readonly – writing is technically not possible
Temporary tokens | No persistent storage of access tokens in the database
No property IDs | Property IDs are not saved, only loaded at runtime
Session timeout | Automatic logout after 60 minutes of inactivity
HTTPS | Encrypted connections
EU hosting | GDPR-compliant infrastructure

If you have any questions about security, please contact us.
