In response to recent attacks where hackers abused Google’s OAuth services to gain access to Gmail accounts, the company will review new web applications that request Google users’ data.
To better enforce its policy regarding access to user data through its APIs (application programming interfaces), which states that apps should not mislead users when presenting themselves and their intentions, Google is making changes to the third-party app publishing process, its risk assessment systems and the consent page it displays to users.
Google is an identity provider, which means other web apps can use Google as the authentication mechanism for users accessing the app. Apps use the OAuth protocol to do this. These apps can also use Google’s APIs to send users requests for information stored in Google’s services.
To read this article in full or to leave a comment, please click here