Google Ads Scripts Security

Posted 2 months ago

Let's quickly discuss:

  • General Google Ads Scripts Security
  • Our Google Ads Scripts security

General Google Ads Scripts Security

Google Ads Scripts are secure. About as secure as your Google Ads Account.

There are two (potential) caveats:

1) If you install a nefarious script

We have never seen or heard of a nefarious script, but it's possible. A bad actor could create a script which pulls in external code without you realising. That external code could then do anything it wants.

With that, don't install scripts which aren't from a trusted source. You should also be aware of which permissions you're allowing during the authorisaton process.

2) Your data leaves the scripting environment

Usually, this is in the form of a Google Sheet.

It's mainly just a case of being careful who you share the sheet with. You can set up security Groups within Google Workspace to enforce rules here.

Our Google Ads Scripts Security

Key points:

  • We take security very seriously. We've never had an issue and never plan to.
  • We don't gain access to any of your data unless you explicitely share it with us (e.g. by giving us Sheet access). None of your data interacts with our servers, so it isn't possible to store it. 

All of the general stuff applies with our scripts.

You will notice you need to provide access to a service named UrlFetchApp (aka "Connecting to an external service"). This is where we pull in the script's code from our servers. It enables us to push fixes and updates in the cloud, without needing to install a new script every time. Our servers are secured using modern best practices.

A note on bug reporting: some of our scripts include an option to send us a bug report on your behalf. The script will email us with 1) Your user ID and 2) The error message. That's it. Where the feature is available, you have the option to turn it on/off.

Remember: we're not responsible for your Google Sheet security.

Back to the Blog