Google’s Project Strobe Improves Gmail Security

Google project strobe

Google is updating and improving the way they handle permissions given to third party providers. This updates are part of “Project Strobe”, a review of the ways developers access data in apps such as Gmail, Drive and Calendars for Android.

The news comes shortly after recent problems for the company with the “Google Plus hack”, a bug in the company’s social site that allowed third-party services to access non-public parts of people’s profiles.

There will be some changes in the following months in the way permissions are handled. Google has stated that they want to provide “more granular account permissions". For example, apps that request your permission to access different Google services, will require you to approve the use of each service separately.

You can also deny access separately. For example if an app requests to access Gmail and Calendar, but you just want it for email functionalities, you can deny access to Calendar. The option can later be changed if you decide to grant access to Calendar. The permissions will also be delayed until the time they are needed to enable a certain feature.

Google account permissions

Another change is that Google will restrict the data from Gmail that apps can access.

This, of course, doesn’t mean big changes to users but also to app developers that will need to meet a reviewed set of requirements for their apps to be approved. For example, if they are going to be using Gmail data, they will detail this in a report containing “application penetration testing, external network penetration testing, account deletion verification, reviews of incident response plans, vulnerability disclosure programs, and information security policies.”

Changes will be coming out starting next month, but expect new ones to appear. Right now Google seems to be focusing on the services with the most number of users.

Back to