Following a recent phishing scam involving a spurious Google Docs link being spread around through email, Google introduced stricter controls for its G Suite admins, the most recent being the ability to block users from installing untrustworthy apps. Now, the search giant is adding yet another layer of security by rolling out an ‘unverified app’ screen for newly created Web applications and Apps Script.
The new additions involve bolder warning messages to inform users when a possibly unsafe application is requesting access to their private data. This new screen is rolling out now for newly created apps and will replace the ‘error’ page that developers and users of unverified apps receive today. According to the G Suite Developers blog post, the ‘unverified app’ screen will precede the permissions consent screen for the app, letting potential users know that the app has yet to be verified. This should help reduce the risk of user data being phished by nefarious characters. In order to proceed, users will actually have to type ‘continue’ instead of just clicking the button. This should make even the most absent-minded user sit up and take notice.
The new security measure should also help developers test their apps more easily, since they can choose to bypass the OAuth client verification process now that the user has a choice before proceeding. While this new process is currently active for new apps, Google will soon be extending it to existing apps too. Google is also extending this security guideline to Apps Script. Starting this week, new Apps Scripts requesting OAuth access to data from consumers or from users in other domains may also see the ‘unverified app’ screen.