Google has been bolting on new security measures for G-Suite, and now a screen for unverified apps will be added to the fortifications.
Apps setup to use Google’s authentication process, OAuth, to access data will trigger a screen to appear so that the G-Suite user can verify it. This will be the case if the developer has not completed the verification process put in place by Google.
In an attempt to challenge the user’s lack of awareness to potential threats, the new G-Suite verification screen will also require the word ‘continue’ to be typed out for final confirmation, and to dismiss the screen.
The screen will also detail the name of the developer, and the application itself to give the user the best chance possible to work out whether they trust the legitimacy of the app and its origin.
Google have already tackled other problems with the recent addition of new anti-phishing tools, an OAuth whitelisting feature, and an enhanced app review process.
In an announcement about the new feature, Google said: “We’re committed to fostering a healthy ecosystem for both users and developers… These new notices will inform users automatically if they may be at risk, enabling them to make informed decisions to keep their information safe, and will make it easier to test and develop apps for developers.”
New anti-phishing tools come as no surprise, as G mail has been plagued by wide reaching, formidable phishing attacks in recent months that have impacted millions of users. The whitelisting feature now means admins can control which third-party apps can access their data.
The advanced phishing attacks that had been preying on G-mail users involved an embedded image and poses as being sent by a familiar contact. With the ability to tailor these phishing emails on a massive scale, many were caught out who may well have spotted the more traditionally conspicuous attacks.