Earlier in the month, Google released an official statement on a particularly virulent phishing email imitating Google Docs that was doing the rounds. That same day, coincidentally or not, an update to the Gmail Android app added a special warning page that pops up every time a link in one of the suspect emails is clicked. Now, Google is implementing further changes to help prevent future scams of this type.
Announced on the Google Developers Blog, the efforts include updates to developer identity guidelines, risk assessment systems, and the user-facing consent page. This will make for a stricter web application publishing process, and while it will probably make it a little more difficult to register or modify apps it will make it easier for Google to root out misleading or spoofed identities.
Further to those changes, there will be enhanced risk assessment for web apps requesting user data. Some apps will now require a manual review, putting data permissions on hold in the meantime. For now, such a review can only be requested during testing and should take between 3 and 7 days to complete. In the future, you should be able to request a review during the registration process. Any web apps that don't pass the review process will be restricted long before they ever reach unsuspecting users.
Google took immediate action in the wake of the phishing email threat earlier this month and is once again showing how highly it values data security and online safety — something all of us Android users can be very thankful for.
- Google Developers Blog