Google sets new rules for third-party apps to access Gmail data

Google announced the new Gmail access rules today in a blog post in which the company also announced it was shutting down the Google+ social network after an API bug exposed the private details of over 500,000 users.
Google will employ stricter rules for third-party apps that want to access users’ Gmail inboxes.

If you are an Android developer you should know that all Gmail third-party apps with full access to Gmail user data will need to re-submit for a review by February 15, 2019, or be removed. The new rules will enter into effect next year on January 9, 2019.

Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;

All this new and shiny rules represents the company response after they came under criticism in July for letting third-party apps roam free and access users’ Gmail data, including the content of Gmail emails.
Starting next year, only Gmail apps “directly enhancing email functionality–such as email clients, email backup services and productivity services (e.g., CRM and mail merge services)” will be authorized to access inbox data.

All App developers, without exception, will need to rewrite their apps according to these new rules. More than that, Gmail third-party apps that have full access over a Gmail user’s data but only require “send capabilities” will need to re-scope their permissions appropriately because they won’t be allowed to read users’ emails starting next year.

Keep in mind that all app developers will have to re-submit their app for a review by February 15, 2019. Apps that will not apply for a new review by that date will be removed after February 22, 2019.

Along with the mail operator Apps, all Apps will be asked to demonstrate secure data handling with assessments that include: application penetration testing, external network penetration testing, account deletion verification, reviews of incident response plans, vulnerability disclosure programs, and information security policies.

Good news comes only for Apps that only store user data on end-user devices; they will not need to complete the full assessment but will need to be verified as non-malicious software.

All developers will also have to agree to a new Google policy that prohibits them from selling data harvested via their app.
The new Gmail policy and security process represent just Google protecting its back because they don’t want to end like Facebook that earlier this year was considered guilty after a misbehaving third-party app developed by Cambridge Analytica collected troves of user data, which was later used in political campaigns.

We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.