In addition to changes for Chrome extensions, Project Strobe is responsible for upcoming restrictions on third-party access of Drive. Similar to Gmail last October, Google is locking down what apps can access user data and verifying the authenticity of those that do.
The new Drive API policies involve apps moving to a per-file consent model where users can select precisely what third-parties have access to. These changes are primarily targeted at consumer accounts that are using services beyond the first-party Docs, Sheets, and Slides, while G Suite users and internal applications are exempt.
If you’ve developed a Drive app that uses any of the restricted scopes, we recommend migrating your app to use the drive.file scope in combination with the Google Picker. This combination will enable users to select the specific files from their Google Drive that they want to allow your app to access.
When using a third-party application, users will be asked to pick the file in Drive that they want to work on through a standard interface. This prevents broad access to content or other data in Drive.
Backup clients and other apps that cannot use drive.file are advised to prepare for restricted scope verification. Google will take steps to assess apps starting next year and ensure user data is being handled properly.
A process that, among other steps, ensures your use of data is compliant with the Limited Use Requirements and includes a security assessment if your app stores or transmits through servers. Restricted scope verification for the Drive API will begin early next year. Refer to the FAQ for more info.
Impacted developers will be notified in the coming months. Project Strobe began last year to analyze third-party developer access in Google services and Android. This root-and-branch review was responsible for uncovering issues that ultimately led to the consumer shutdown of Google+.