Google started a project called Project Strobe at the beginning of this year. The purpose of this project was to review the access level of third-party applications into Google accounts and user information. Moreover, Google reviewed how third-parties use the information gathered from Google accounts. There were many surprise findings; even for Google itself. It was revealed that hundreds of thousands of Google accounts may be compromised. As a result, Google brought many changes to its service structure and policies. One of them was changing the Gmail API rules.
Gmail API rules
For those who are not much into software, the API stands for Application programming interface. In simplest of terms, it’s a medium between two software applications to communicate and to receive and send instructions to each other. So, a Gmail API is a medium that allows third-party applications to communicate with Gmail. For example, if you are to log into a third-party application through a Gmail account, the third-party will need a Gmail API.
Now, the recent ‘changes in the Gmail API rules’ mean that Google is changing the way third-party developers gain access to Gmail accounts through Gmail API.
The updated Gmail API rules include stricter policies for the third-party developers. Now, only those developers will be able to use Gmail API whose websites or applications enhance Gmail’s functionality. Moreover, some third-party developers have to go through certain security checkups before they are granted Gmail API access. The expenses of this security checkup will also be paid by the third-party developers.
Why Google had to change the Gmail API rules?
Justifying the recent changes, Google explained that users give access to their Gmail account information to third parties for specific purposes. Most of the time, it is only for the login purpose. Hence, the access of third-party developers to Gmail account information of the users was also revised.
Unfortunately, Google found out that third-parties can access more information than just username and password. Google found out that third-parties had access to other important information such as age, gender, location, and profession, in addition to the username and the password.
Although Google didn’t reveal this glitch in its systems to the public at first, it had to acknowledge the fact after reports in print media about the leak. Google has since then brought many big changes to its service structure and policies. This includes the closure of Google Plus for general users, revised privacy policies, and enhanced security measures.