Google’s New Security Feature Protects Users from Unverified Apps
Google has been steadily adding new security features for its G Suite users over the course of the last few months, including new anti-phishing tools and OAuth apps whitelisting, as well as an enhanced app review process. Today, it’s adding another layer on top of this with the launch of a new “unverified app” screen for new web applications and Apps Scripts.
This new screen will appear for apps that use Google’s OAuth implementation for accessing your data and that come from developers who haven’t gone through Google’s verification process yet. This new screen will alert users that the app they are about to use hasn’t been verified yet and that they proceed at their own risk. You even have to type in “continue” to move beyond the warning screen. That should make even the most inattentive user perk up.
Ideally, because the screen clearly notes the name of the application and developer, this should help to greatly reduce the chance of getting phished.
Google also notes that because you can dismiss this interstitial, developers will be able to more easily test their apps before they have gone through the verification process.
“We’re committed to fostering a healthy ecosystem for both users and developers,” the company writes in today’s announcement. “These new notices will inform users automatically if they may be at risk, enabling them to make informed decisions to keep their information safe, and will make it easier to test and develop apps for developers.”
Google is bringing the same kind of protections to Apps Scripts, too. Apps Scripts allow developers to extend Google Sheets, Docs and Forms with additional functionality, and users there will also see a similar “unverified app” screen soon.
For now, these new security features only pop up for new apps. Over the next few months, though, Google will extend this feature to existing apps, too. This means developers of some existing apps will have to go through the new verification process, as well.
(Story via TechCrunch)