Google toughens up Security against App-based Account Compromise
Google has implemented new protections that should considerably reduce the risk of potentially malicious apps gaining control of users’ Google account.
There can be no doubt that the added security is a direct consequence of the massive phishing attack in early May, which resulted in many, many users allowing the attacker’s (conveniently named) Google Doc app to access their accounts.
From now on, until a new app is verified by Google, users will have to jump through several hoops (a few clicks and typing the word “continue”) before they can grant that app access:
The change has the added bonus of helping developers test their apps more easily. Since users can choose to acknowledge the ‘unverified app’ alert, developers can now test their applications without having to go through the OAuth client verification process first.
And finally, in the coming months, the verification process and the new warnings will be extended to some existing apps and scripts.
Source | HelpNet Security