In an response to continuous Docs phishing debacle last week, Google introduced some new safeguards to better protect us from these types of attacks.
The Gmail app for Android scans for suspect links and Google has tightened up its policies on third party authentication to help keep phishing scams from even getting to you. Today, the company has come out with more guidelines and systems at the developer level that should help prevent even more of these attempts.
Google already has a policy requiring that web app names must be unique to any single application. The company plans to update its publishing process, assessment systems and user-facing consent pages to “better detect spoofed or misleading application identities.” In addition, if a web app requests user data, it may undergo a manual review, much like Apple requires for all of its mobile apps. Google hopes to process these reviews within three to seven business days, and developers can request a review to allow access to a testing version of their app before it is officially approved.
Google also points developers to a blog post explaining their responsibilities when requesting user data. While that may be a good idea for scrupulous app makers, it isn’t going to deter those who want to steal such data. Adding a human review to the updated automated systems within Google’s process could be a much better first step.