Google is locking down API access to Gmail data (and later, Drive data) soon, and some of your favorite third-party apps might find themselves locked out of your Google account data. The new API policy was announced back in October, but this week Google started emailing individual users of these apps, telling them the apps will no longer work starting July 15. The new policy closes off access to Gmail data, and while we by no means have a comprehensive list of what isn’t affected yet, so far we’ve seen users of Microsoft’s SwiftKey and the open source app SMS Backup+ receive notification emails.
Any app that wishes to integrate with Gmail whatsoever must now pass a human-led verification process. Regarding data, the verification process checks that data is accessed at a minimum, in a secure way, and the user knows what they’re sharing. Each app must also comply with Gmail’s data usage policies, which prohibit companies from selling, transferring or using the data for tracking, advertisement, research, or any purpose that doesn’t serve the customer.
There are also two requirements borrowed from the Play Store’s list of issues; developers must be transparent about parent companies and only request the minimum number of permissions.
One last requirement turns out to be a bit of a doozy: the app must be relevant to email. While we don’t have a list of who’s passed and who hasn’t, Google is sending users with unverified apps a warning message, and thus we know that Microsoft’s SwiftKey and SMS Backup+ will no longer be supported. SwiftKey employs a user’s emails to inform its text prediction service, while SMS Backup+ is an open source kit that changes text messages into emails.
Google’s email warning reads: “We wanted to let you know that the following apps may no longer be able to access some data in your Google Account, including your Gmail content. If these apps are unable to meet the deadline to comply with our updated data policy requirements, they’ll lose access to your Account starting July 15th, 2019.”
The cost of security is high, in both the literal and figurative sense, but it must be said that Google is not doing developers any favors. As SMS Backup+ is open source and has no business component, it is impossible for it to misuse data. “I’m sorry about this situation, SMS Backup+ will no longer have access to Gmail, mainly because it’s not an email reading app. I applied for an exception but it was declined, as expected,” SMS Backup+’s developer Jan Berkel confirmed on Github.
July 15 will mark the death of numerous Gmail-integrated apps, and at a later date, Google Drive will receive the same policy update. On one hand, this will be a rough transition for a group of users and third party developers, but on the other, a Cambridge Analytica-type of exploit will be harder to reach Gmail users.