Google Publishes App OAuth Verification Guidance

As part of a data security initiative, Google has published guidance for developers to get their apps ready for OAuth verification by the company.

The guidance stems from last year's launch of Project Strobe, described as a review of third-party developer access to Google account and Android device data and the company's philosophy concerning apps' data access.

That review spawned many changes, including changes in policies regarding data protection for Gmail and Android, such as Android SMS and Call Log permissions, which drastically reduced the number of apps that can access sensitive information.

In publishing the guidance to help developers prepare their apps to be submitted to Google for OAuth verification today (Sept. 19), Google said, "One result of this effort has been to expand our app verification program to cover more apps and more types of data access. It is important to understand how the process works so that you can optimally build your app and streamline the verification process. Here we walk you through the process of preparing your app for OAuth verification."

A high-level outline of the walkthrough reads like this:

  • Confirm whether your app needs verification
  • Determining if your app is using sensitive or restricted scopes
  • Setting up the right project structure
  • Configuring your project
  • Submitting your app for verification

"By following these guidelines for submitting your app for verification, you can greatly streamline the process of getting your app approved and released to the Google user community," Google said.

An extensive OAuth API Verification FAQ provides more information, ranging from when an app has to be verified, how long the process takes and much more.

About the Author

David Ramel is an editor and writer for Converge360.