Is anyone else doing Gmail?

Insert swear words here. As if the Apple security stupidity wasn’t enough I now get something even worse for Gmail. I need to “verify” my app with Google. This is the beginning of an email I just got:

[quote]In order to continue, you’ll need to create and provide a link to YouTube video, in English, that shows how your users will grant permission for you to access their data. In addition, you should show us, in detail, how you’ll use the data you access using OAuth scopes for each OAuth client belonging to the project: xxx
If your app requires registration or features a local login, please whitelist/authorize our test email account oaxxx@gmail.com to allow us to test and validate your app’s functionality.
??OR If your project requires prepared conditions, please provide us with the username and password of a test account that is registered for your app.[/quote]

Head on desk.

Check the mail headers, sounds fishy to me

Wow, I remember something like that years ago from apple. Didnt expected from google. Sound dubious

Yeah, trying to integrate Gmail doesn’t look like much fun…
https://support.google.com/cloud/answer/9110914

I did hear from a user of my email client that access to one’s gmail account via an email client is to be limited to IMAP and would require OAuth. I replied that I wasn’t planning to add IMAP to my client.

@Brian Franco: no, unfortunately, the email is not spam.

@jim mckay : I don’t plan on the full verification. Did you check the prices? That costs between 14k and 75k in Dollars!!! These guys are crazy. They want to force out small vendors like me.

@Tim Streater: how do you do an email client without IMAP? And yes, Gmail loves their OAuth. If you do “less security” you get wonderful warnings. And in Google Apps you can’t do “less security” at all.

Are you doing local only storage?

[quote]The following scenarios do not require a security assessment.

Local Data Storage: If you don’t want to go through a security assessment, you need to change your server storage to local storage only. Local client applications don’t need to undergo a security assessment because data is run, stored, and processed only on the user’s device (such as a computer, mobile phone, or tablet).[/quote]
edit- I suppose you just said that…

POP3.