Google OAuth Reverification

Google requires applications accessing sensitive user data through its APIs to undergo a security assessment, which can be costly and complex. While initial costs were between $15,000 and $75,000, those renewing their assessments might see reduced expenses, especially if they have completed recent penetration tests or if their application has not significantly changed since the last assessment. This year, Google-approved assessors, including Bishop Fox, Leviathan, and the NCC Group, have increased their capacity to handle demand, potentially reducing delays experienced previously. Returning customers might benefit from more flexible timelines, though early engagement with a security firm is still recommended. Developers should be aware that 73% of medium-level security issues identified were cloud-related, and Google's upcoming guidance will clarify whether these must be addressed before applications receive approval. Nylas offers support and communication with assessors to help clients navigate the assessment process effectively.