having a third party apps is great, but I'm a bit confused with the permission scopes meaning. I wouldn't want to grant access for more data than is needed to the app. for example, I wouldn't want the app (or it's developers) to have access to the IP in the conf site.
for example, what's "Read data from the host application" mean? what kind of data is shared, where is it stored, and who can access it?
if I have a Conf site with pages with valuable information (e.g., the bitcoin prices tomorrow), if I'll add an app with permission to "Read data from the host application", will my valuable information will be shared with someone?
If an app has READ scope, it can in principle read (get, copy) all the information in your Confluence instance.
However you can restrict access for an app if you know the app user (i.e. the Confluence "user name" of the app).