After witnessing users experience a slew of phishing attacks, Google has been actively working on adding new security layers for its services and apps, including Gmail accounts. Along those lines, the company has released “Unverified app”, primarily a warning screen that will ‘screen out’ phishing attempts while still allowing access.
The new feature acts as a warning screen and additional authentication step for new applications and scripts to be verified by the user. This screen will appear when a user lands on web apps that have not been authenticated by the search engine giant. Users will get notification alerts when they encounter an unverified app, and the user has to type ‘continue’ in the provided field and hit the ‘ok’ button to proceed.
According to TechCrunch, the warning contains the name of the app and its developer to help the user to screen out phishing attempts. On a proactive note, the developers can test out their apps without waiting for the verified status or an alert.
Earlier this year, a phishing campaign targeted Google’s user accounts, sending deceptive emails to its users mentioning that someone from their contact list had shared a Google Doc with them. The email, which contained a malicious Google Docs link, directed users to an actual sign-in page from Google to get access to a malware-loaded app. Once the access is granted, a new request is sent to everyone on the user’s contact list, allowing the app to spread virally. The app plagued thousands of users even after it was blacklisted by Google.
Unverified Apps is an enhancement to the security features added by the Mountain View company a couple of months ago. The feature included anti-phishing tools and OAuth apps whitelisting.
“We’re committed to fostering a healthy ecosystem for both users and developers,” write Google’s Naveen Agarwal and Wesley Chun in a blog post.