In the light of a recent phishing attack targeting Gmail users, Google is updating its app identity guidelines and is implementing a more thorough review process for new web applications that request user data.
The attack unfolded a couple of weeks back, when Gmail users started receiving phishing emails pretending to come from a known recipient looking to share content with them on Google Docs. A link in these emails didn’t take users to the expected content but instead opened a login page, where a certain Google Docs app requested permissions to access the recipient’s contacts and emails.