New security protections from Google to reduce malicious Web Apps

Google is working on another step to improve the protection of users against malicious web apps. Google is now notifying (warning) users of recently created web applications that are still pending verification.

According to Google:
“We’re constantly working to secure our users and their data. Earlier this year, we detailed some of our latest anti-phishing tools and rolled-out developer-focused updates to our app publishing processes, risk assessment systems, and user-facing consent pages.”

“Today, we’re expanding upon that foundation, and introducing additional protections: bolder warnings to inform users about newly created web apps and Apps Scripts that are pending verification. Additionally, the changes we’re making will improve the developer experience. In the coming months, we will begin expanding the verification process and the new warnings to existing apps as well.”

Users will have the option to remove the alert, which enables developers to test apps without going through the OAuth client verification process first.

The “unverified app” warning screen precedes the permissions approval screen for the app and lets potential users know that the app has yet to be verified. This will help reduce the risk of user data being phished by bad actors.

“In the coming months, we will continue to enhance user protections by extending the verification process beyond newly created apps, to existing apps as well. As a part of this expansion, developers of some current apps may be required to go through the verification flow.”

“We’re committed to fostering a healthy ecosystem for both users and developers. These new notices will inform users automatically if they may be at risk, enabling them to make informed decisions to keep their information safe, and will make it easier to test and develop apps for developers.”

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients