Google has pledged to ameliorate its web app review process after being fooled by some attackers. A group of phishers used Google’s web platform and published an app named Google Docs. The app camouflaged as Google Doc appeared as the authentic Goggle app. Many users used the apps thinking it to be Google’s products. Google had to find out the culprits and block the applications after a tedious search of three hours. Google finally blacklisted the duped app and sent out warning and updates to all its users via Gmail.
Google now has officially released a statement that they are working hard in replenishment of the web app review process. The Mountain View giant is also looking into the approach with regards to the publishing process for web apps that request user data.
Google said that its API’s user data policy states that “apps must not mislead users” and that their names “should be unique to [the] application and should not copy others”. But despite the regulations, the process of enforcing this policy have been failure. There was lackluster in implementation which has been proved from time to time with every mishap that occurred with Google. Now to fix the growing menace, Google is updating its web app publishing process, its risk assessment systems, as well as the user-facing consent page for apps. The change will not affect the user side. A normal user will not notice any change but the change is inevitable for developers. The new set of rules and regulations should be abided by the developers while publishing their web apps.
For example, now some web apps might even require a manual review by Google before publishing publicly. Developers will also have to manually request review during an app’s testing phase, and wait for about a week until Google acknowledges. The new set of changes are surely going to prevent such phishing attacks.