Google has announced that it will review any new web applications that request permission to access Google user data.
The company is reinforcing its policy tied to accessing user data by updating its “app publishing process, our risk assessment systems, and our user-facing consent page in order to better detect spoofed or misleading application identities,” Naveen Agarwal, a lead for Google’s Federated Identity Team, said in a blog post.
These updates are a response to recent attacks in which hackers leveraged Google’s OAuth services to compromise Gmail accounts.
Earlier this month, a phishing campaign impacted up to one million Gmail users. The messages sent to victims included phony Google Doc access links that asked for permission to control their email accounts to read, send, and delete messages, as well as manage contacts.