Fresh off the heels of the quick-spreading phishing attack earlier last week, Google has today announced that it updating its web app registration guidelines to filter out unwanted content. The Mountain View giant has decided to upgrade its web app publishing process, risk assessment systems, and the look of its user-facing consent page in order to detect and nix misleading or false apps from making its way to users.
With regards to the same, Google now plans on being more stringent about the risk assessment practices for passing its web apps, especially those who require access to user data. Mountain View says that some web apps may even require manual review and their services won’t be made available to users until the process is completed. An error message will be displayed to them on the data permissions page. It is, however, not that all Google accounts will be locked access to the app:
You can continue to use your app for testing purposes before it is approved by logging in with an account registered as an owner/editor of that project in the Google API Console. This will enable you to add additional testers, as well as initiate the review process.
As defined in the official blog post, this is a developer-focused update and they may have to face several review process to make their way to the user. The developers will have to jump several hoops to successfully publish their apps, while the users will not be faced with any disruption. Google is now also ensuring that an existing app name (which was already a guideline) is not changed or reused to release a new web app.
This development comes on the heels of Mountain View’s widely known Google Docs service being hit with a quick-spreading phishing attack last week. Instead of building an external web page looking similar to the platform, which is usually the case, the hacker gamed Google’s system quite easily. The attack manipulated a malicious third-party web app, named Google Docs, paired with Google login — providing it access to your email and contact list.
Once you provided this web app access to the required permissions, it gained access to all your personal details and forwarded the Google Docs link to everyone in your contact list. The striking feature about this phishing attack was that it appeared quite real to even ignore. But, it was immediately curbed by Mountain View and it coincided with the announcement that Gmail’s Android client will now perform enhanced anti-phishing security check.
User security is coming full circle with today’s feature set, so we may not have to worry about any future attacks. But, it would be great if you always keep a keen check on what links or documents you open online — you never know when you’re hit with a scam.