Action Required, Some apps accessing Gmail data in your environment will be restricted beginning January 6, 2020, unless you take action!
Your security and privacy are extremely important to Google. In order to better protect your data and help reduce the risk of data loss, we are restricting installs of certain third-party apps that access your organization’s Gmail data using G Suite APIs and OAuth2.
We previously announced that apps accessing user data for non-enterprise accounts using certain Gmail APIs must be verified to ensure compliance with new privacy and security requirements using our OAuth API Application Verification. In June 2019, we announced that we would restrict installation of unverified third-party apps accessing Gmail data, unless you trusted these apps.
Starting January 6, 2020, we will be restricting additional apps that did not achieve verification. Unverified apps currently in use in your environment are listed below.
What does this mean for my organization?
Existing unverified apps will continue to work for users who have installed them before January 6, 2020. After this date, we will block new installs for unverified third-party apps that access Gmail data and that you don’t explicitly trust (whitelist) in the G Suite Admin console.
Additionally, if you do not set Gmail as “Restricted” in App access control, then your users may continue to use these unverified apps if they were activated before January 6, 2020.
What do I need to do?
- Review unverified apps in your environment: Please review the third-party apps currently in use in your organization’s G Suite environment, and decide which apps you want to trust and allow users to continue to install. We have included a list of the apps subject to new restrictions at the end of this email, including the number of users and whether or not you have trusted them.You can also see if any app is verified using the App access control feature (formerly called API Permissions) in the Security section of the Admin console. (See “Review the third-party apps in your environment” in the App access control help center).
- Trust apps that you want to allow users to continue to install: To trust an app, use the App access control feature in the Admin console. Trusting an app also means that, if users consent, the app will have access to some G Suite user data (OAuth2 scopes) that you have otherwise restricted using this same tool. For example, if you have generally restricted access to Gmail OAuth2 scopes, trusted apps will have access for accounts where users consent.
- Why would an app be unverified? Apps may not have completed the verification process for numerous reasons, some of the more common ones being an unsupported Application Type or using data in a way that is incompatible with Limited Use requirements. We have implemented this verification process to help provide users both confidence and consistency with their privacy expectations. As apps are verified, we will post updates on the OAuth API Application Verification FAQ.
- If I am an app developer as well as a user, how do I get an app verified? Review the OAuth API Application Verification FAQ and submit a request for verification from the API Developer Console.
- What will happen to apps subject to restriction after January 6, 2020? Users who have installed such apps before January 6, 2020 will continue to have access to them, unless you restrict access to Gmail in the Google Services section of App access control. New users will not be able to install unverified apps unless you trust them using App access control.
- What happens when I trust an app? Users will be able to install it, whether or not the app is verified by Google. Additionally, the app will have access to any G Suite APIs (OAuth2 scopes) that you have restricted using App access control.
- What if I don’t want to trust any apps? If you take no action, new users will be blocked from accessing these apps beginning January 6, 2020, in addition to the unverified third-party apps that were previously restricted in July 2019.
- What if I want to restrict access to unverified apps for all existing users? You can further restrict access by all third-party apps, including previously installed apps, to Gmail by using App access control. In the Google Services page, set access to Gmail to “Restricted”, so that only trusted apps will be able to access Gmail API scopes. You can limit access to trusted apps for other Google services by also setting them to “Restricted”.
We’re here to help
If you have additional questions or need assistance, please contact G Suite support. When you call or submit your support case, reference issue number 132979135.
The G Suite Team
Unverified Apps in your Domain Subject to Restriction from January 6, 2020
The following are unverified apps in your domain that will be restricted from installation starting January 6, 2020. Included in this list are apps that are both trusted and untrusted by your organization. Internal apps that were created by users in your organization may also be listed. This list is subject to change as apps leave the list when they complete the verification process and are added to the list based on new usage by your users or newly identified non-compliance.
For a complete list of all apps accessing OAuth2 scopes in your domain, please review App access control in the Admin console.
|App Name||OAuth2 Client ID||User Count||Users in Last 30 Days||Trusted Status|
Was this information helpful?
Source: Email from Google to G-Suite Administrator