
Google to Take Closer Look at Web Apps Requesting User Data Access


CrAKeN


 

Google takes steps to increase security

 

Following the famous Gmail phishing attack from just a few days ago, Google has decided to make it more difficult for apps to get access to people's data. 

 

The company announced that new applications that request access to user data will, from now on, face more scrutiny. Some of these apps may even "qualify" for a manual review due to Google's enhanced risk assessment.

 

“Until the review is complete, users will not be able to approve the data permissions, and we will display an error message instead of the permissions consent page. You can request a review during the testing phase in order to open the app to the public. We will try to process those reviews in 3-7 business days. In the future, we will enable review requests during the registration phase as well,” Google informs developers.

 

Developers will continue to use their apps for testing purposes even before they get approved. They'll need to log in with an account registered as owner or editor of the project in the Google API Console. From there, they'll be able to add more testers and to start the review process.

 

To add an extra layer of security, Google has updated the app identity guidelines. In them, it states that apps must not mislead users, which also indicates that they need to have unique names and not copy other apps, which is something that has happened countless times already.

 

“These changes may add some friction and require more time before you are able to publish your web application, so we recommend that you plan your work accordingly,” Google says.

 

Multiple changes to increase security

 

The changes come as a result of the attack that took place a few weeks ago. Gmail users started receiving phishing emails pretending to be from someone they know who was looking to share content with them on Google Docs. A link took people to a login page where a fake Google Docs app requested permission to people's contacts and emails.

 

The attack was stopped within an hour and the company said that less than 0.1% of Gmail users were even impacted by the incident. The company has already tightened OAuth rules, its anti-spam systems, and more.

 
