Connected applications are third-party tools that a platform allows to act on a user’s or organization’s behalf through permissions, APIs, OAuth grants, or access tokens. In SaaS environments, they can sync files, automate workflows, export data, or read account details without a human logging in each time. They are useful because they extend a platform’s functionality, but they also widen the trust boundary.
In cyber security, connected applications matter because an attacker who steals a token, abuses an overbroad permission, or compromises a linked app may access data without breaking the main login flow. That can make intrusion harder to spot and can turn one account compromise into broader exfiltration. Defenders should regularly review authorized apps, remove unused integrations, limit permissions, rotate tokens, and monitor unusual API activity. In cloud extortion cases, connected applications are often checked because they may reveal which services had access to sensitive data and where that data could have been copied.