Skip to main content

Google implementing 3rd-party developer changes to prevent future phishing attacks

According to Google, last week’s phishing scam that imitated a Docs invite was quickly countered by existing security measures. The company is now announcing changes aimed at developers to prevent future attacks.

The fact that a third-party app was able to have “Google” in its title — let alone fully copying the name of an existing product — was widely seen as a major flaw.

The company’s app identity guidelines already state that “app names should be unique to your application and should not copy others’.” But to better detect spoofed or misleading app identities, Google has updated its application publishing process, risk assessment systems, and user-facing consent page.

For the time being, this might result in developers seeing an error message when registering new apps or modifying existing ones in the Google API Console, Firebase Console, or Apps Script editor.

Additionally, there is a new review process specifically for web apps that request user data, as well as other restrictions.

This enhanced risk assessment might require that some web apps undergo a manual review. During the process, users will not be able to approve permissions and will encounter an error message instead of the consent page. These initial reviews will take 3-7 business days, with Google eventually permitting earlier review requests during the development process.

As a result of these two changes, the company recommends that developers review the data request guidelines and account for the delays.


FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Abner Li Abner Li

Editor-in-chief. Interested in the minutiae of Google and Alphabet. Tips/talk: abner@9to5g.com

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications