Thursday, July 20, 2017

New Security Layer Aims to Protect Your Account from Unverified Apps

Google was hit with a massive phishing attack earlier this year as an email tried impersonating Google Docs in an attempt to get you to give it access to your account. The attack was stopped that same day, but not before a large number of people fell for it and had their accounts compromised. Since then, Google has been implementing a number of additional security checks including new anti-phishing tools within Gmail, Google OAuth apps whitelisting, and an enhanced app review process.

The company is serious about security and it benefits them to keep your data as secure as possible. This week, Google has announced yet another layer of protection that will be included in addition to its "unverified app" screen that it currently has for new web applications and Apps Scripts. The goal here is to try and make you confirm you're 100% sure that you want to access one of these unverified applications by having you type "continue" before you can proceed.

This whole process will only appear when an application that uses Google's OAuth system and has yet to be verified by Google themselves. So you'll still see the typical "app isn't verified" message with the ability to continue anyway. If you click the continue anyway option, you'll then be prompted to type out the word "continue" before it will let you grant access to your account. The hope is that if you have to type something out instead of just clicking on a button, then you should definitely know the application isn't verified and could pose as a risk.

Google says this new process will also benefit developers as they'll be able to dismiss this interstitial. So developers will be able to test and iterate on the application they're developing much faster than before. All of these changes are coming to App Script as well since they can integrate into Google Sheets, Docs, and Forms for additional functionality. So users will see this prompt if something has yet to be reviewed and verified from Google themselves.


Source: G Suite Developers Blog Via: TechCrunch



from xda-developers http://ift.tt/2uNrv7Y
via IFTTT

No comments:

Post a Comment