Since a phishing scam perpetrated in May that may have targeted millions of Gmail and Google Docs users, Google has introduced a number of security changes aimed at preventing a repeat.
Announced yesterday, one of the latest updates will pop up an “unverified app” warning when user systems attempt to access new apps or Google Apps Scripts that haven’t yet been reviewed by Google. The warning will give users the option to either cancel their actions or proceed by acknowledging they are familiar with the developers of the apps.
By allowing users to launch app actions anyway, the new warning system will also help developers test their applications before they’ve completed Google’s verification process.
Google continues to make such security tweaks to prevent a repeat of this spring’s Google Docs phishing scam. The scam sent users what appeared to be a legitimate message from one of their Gmail contacts, but then linked to an unverified third-party app rather than to Google Docs.
“Over the past few months, we’ve required that some new Web applications go through a verification process prior to launch based upon a dynamic risk assessment,” Identity team member Naveen Agarwal and G Suite developer advocate Wesley Chun wrote in a blog post yesterday. “Today, we’re expanding upon that foundation, and introducing additional protections: bolder warnings to inform users about newly created web apps and Apps Scripts that are pending verification.”
Agarwal and Chun added that Google plans to expand its apps verification process over the coming months, and to extend the pop-up warnings to existing apps as well.
The “unverified app” warning will also show up before an Apps Script that hasn’t yet been reviewed by Google is allowed to launch. Developers use Google’s Apps Script language to automate tasks that connect Google products to third-party…