Updating developer identity guidelines and registration processes to protect users

In response to a phishing attack exploiting the OAuth authorization infrastructure, Google announced updates to developer identity guidelines and registration processes to enhance user protection. These updates involve stricter app identity guidelines, requiring app names to be unique and not misleading, and improvements to the app publishing process, risk assessment systems, and user consent pages to detect spoofed identities. A new manual review process has been introduced for web applications requesting user data, which may delay the ability to publish apps but aims to prevent unauthorized access. Developers are encouraged to plan accordingly and can still test apps using registered accounts before approval. Additionally, Google emphasizes the importance of developers understanding their responsibilities when accessing user data to maintain a secure developer ecosystem.