CrAKeN
Posted May 16, 2017

Google takes steps to increase security

Following the famous Gmail phishing attack from just a few days ago, Google has decided to make it more difficult for apps to get access to people's data.

The company announced that new applications that request access to user data will, from now on, face more scrutiny. Some of these apps may even "qualify" for a manual review due to Google's enhanced risk assessment.

“Until the review is complete, users will not be able to approve the data permissions, and we will display an error message instead of the permissions consent page. You can request a review during the testing phase in order to open the app to the public. We will try to process those reviews in 3-7 business days. In the future, we will enable review requests during the registration phase as well,” Google informs developers.

Developers will continue to use their apps for testing purposes even before they get approved. They'll need to log in with an account registered as owner or editor of the project in the Google API Console. From there, they'll be able to add more testers and to start the review process.

To add an extra layer of security, Google has updated the app identity guidelines. In them, it states that apps must not mislead users, which also indicates that they need to have unique names and not copy other apps, which is something that has happened countless times already.

“These changes may add some friction and require more time before you are able to publish your web application, so we recommend that you plan your work accordingly,” Google says.

Multiple changes to increase security

The changes come as a result of the attack that took place a few weeks ago. Gmail users started receiving phishing emails pretending to be from someone they know who was looking to share content with them on Google Docs.

A link took people to a login page where a fake Google Docs app requested permission to people's contacts and emails. The attack was stopped within an hour and the company said that less than 0.1% of Gmail users were even impacted by the incident.

The company has already tightened OAuth rules, its anti-spam systems, and more.