Take action by July 8, 2019, to ensure your users can continue to use third-party apps accessing Gmail data

What’s changing

Security and privacy are extremely important to Google. To better protect your data, we’ve made an important update to our policies governing third-party apps (web, Android, iOS, Chrome, and other apps) accessing Gmail data using G Suite APIs and OAuth2.

We previously announced that apps accessing user data for non-enterprise accounts using certain Gmail APIs had to be verified through our OAuth API Application Verification to ensure compliance with new privacy and security requirements. Starting on July 8, 2019, we’ll apply similar requirements for apps you may use within your domain.

Who’s impacted

Admins and end users

Why it matters

Existing unverified apps will continue to work for users who installed them before July 8. After this date, we’ll block new installs of unverified third-party apps that access Gmail data unless you explicitly trust (whitelist) them in the G Suite Admin console.

How to get started

  • Admins:
    • Review unverified apps in your environment: Please review the unverified apps currently in use in your organization’s G Suite environment and decide which apps you want to trust and allow users to continue to install. The primary admin contact at your organization will receive an email by June 21, 2019, with a list of those unverified apps, including the number of users and whether or not you have trusted them in API Permissions.
    • Trust apps that you want to allow users to continue to install: To trust an app, use our API Permissions (OAuth apps whitelisting) feature in the Security section of the Admin console. Trusting an app also means that, if users consent, the app will have access to some G Suite user data (OAuth2 scopes) that you’ve otherwise restricted using this same tool. For example, if you’ve generally blocked access to Gmail OAuth2 scopes, trusted apps will have access for accounts where users consent.