Google toughens up Security against App-based Account Compromise
July 24, 2017
Shah Sheikh (1294 articles)
Share

Google toughens up Security against App-based Account Compromise

Google has implemented new protections that should considerably reduce the risk of potentially malicious apps gaining control of users’ Google account.

There can be no doubt that the added security is a direct consequence of the massive phishing attack in early May, which resulted in many, many users allowing the attacker’s (conveniently named) Google Doc app to access their accounts.

From now on, until a new app is verified by Google, users will have to jump through several hoops (a few clicks and typing the word “continue”) before they can grant that app access:

unverified-app-ui

The change has the added bonus of helping developers test their apps more easily. Since users can choose to acknowledge the ‘unverified app’ alert, developers can now test their applications without having to go through the OAuth client verification process first.

And finally, in the coming months, the verification process and the new warnings will be extended to some existing apps and scripts.

Source | HelpNet Security

Related articles

Beware of an Android Spyware Mandrake that went Undetected for Last 4 Years

Beware of an Android Spyware Mandrake that went Undetected for Last 4 Years

Web Skimmers Use Phishing Tactics to Steal Data

Web Skimmers Use Phishing Tactics to Steal Data

UK’s IoT Law Hopes to Drive Security-by-Design

UK’s IoT Law Hopes to Drive Security-by-Design