Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others


gmail api - Exemption for the Google Security Assessment when using restricted scope

I'm trying to find out how I can know if my application that wants to use a restricted Google API scope is exempt from the security assessment.

The documentation for the Google API Services User Data Policy states that:

Local client applications that only allow user-configured transmissions of Restricted Scope data from the device may be exempt from this requirement.

How can I find out if my app qualifies for this exemption?

question from:https://stackoverflow.com/questions/65884238/exemption-for-the-google-security-assesment-when-using-restricted-scope


1 Reply


If you check the OAuth API verification article here:

These applications [local client applications] may be exempt from the secure handling policy because the security assessment (and successful securement of a Letter of Assessment) primarily addresses risks associated with developers obtaining and storing data on servers.

Developers should specify in the verification application whether they believe the application is a local client application, and we will work with the developer to verify that is the case.

Therefore, when sending the verification application you should mention that the application you have is a local client one and if this is indeed the situation, you will be notified about it.

Also, please bear in mind that local client applications can be defined as follows, according to Google:

Local client applications are generally applications that only run, store, and process data on the user's device (like a computer, mobile phone, or tablet). While user actions may cause data to leave a device (such as sending an email), local client applications do not transmit restricted scope data to the developer's servers (or servers specified by the developer), unless the user explicitly configured the application to do so. This would include local email clients, file managers, and calendar and contact management applications that don't utilize cloud services or only transmit restricted scope data to user-configured destinations.

Applications that send restricted scope data to a developer's or third-party's servers without explicit user-initiated action, such as setting up a backup capability, will not be considered a local client.

Reference

