Starting today, you'll see a new "unverified app" screen when trying to access newly created web apps and Apps Scripts that haven't gone through Google's app verification system yet. When a user tries to log in to the app or website by connecting with Google account, the Google will firstly prompt a warning window to let the user know about the unverified condition of the app which may lead to risk the Google Account and credentials.
Apps setup to use Google's authentication process, OAuth, to access data will trigger a screen to appear so that the G-Suite user can verify it.
In the coming months, Google plans to extend the verification process and new warnings to existing apps as well.
Following a recent phishing scam involving a spurious Google Docs link being spread around through email, Google introduced stricter controls for its G Suite admins, the most recent being the ability to block users from installing untrustworthy apps.
"These new notices will inform users automatically if they may be at risk, enabling them to make informed decisions to keep their information safe, and will make it easier to test and develop apps for developers", said Google. For example, those tasks can include the launching of OAuth, which is the Open Authorization standard that lets online users access third-party services without having to re-enter their account passwords.
Google in response said it would ramp up defenses against this type of attack and warned that changes will add "friction" to the process of publishing web applications that use OAuth.
The app market, meanwhile, is also expanding rapidly. Now, the company is taking things a step further with additional security features that block unverified apps and App Scripts.
After May's phishing attack, Google also added OAuth apps whitelisting for enterprise users of its G Suite productivity tools.
This notification/warning to users about unverified apps actually serves a couple of purposes.