Although Google won’t say so explicitly, this is a response to the widespread “Google Docs” phishing email that affected many Google users in May. At the time, Google disabled the accounts responsible for abusing the OAuth authorization.
A week later the company tightened the review process for web apps that request user data, and earlier this month it beefed up G Suite security with OAuth apps whitelisting. Now the company is preparing new warnings for unverified apps.
Starting today, G Suite users will see a new “unverified app” screen for new web applications and Apps Scripts that require verification. This interstitial precedes the permissions consent screen for the app and replaces the “error” page that developers of unverified web apps currently receive.
The goal is to let potential users know that the app has yet to be verified in the hope of reducing the risk of user data being phished.
