Source: Enhancing security controls for Google Drive third-party apps from Google Cloud
In October of last year, we announced Project Strobe—a Google-wide effort to review third-party developer access to Google account and Android device data. As a result, we rolled out an updated user data policy further restricting access to Gmail data. Today we’re announcing plans to extend the same policy to Google Drive as part of Project Strobe.
With this updated policy, we’ll limit the types of apps that have broad access to content or data via Drive APIs. Apps should move to a per-file user consent model, allowing users to more precisely determine what files an app is allowed to access. This means that only certain types of apps can request these scopes from consumer Google accounts. As always, G Suite administrators are in control of their users’ apps.
How to prepare
If you’re not a developer, you don’t need to do anything to prepare for these changes. While changes will not go into effect until early next year, we recommend developers begin preparations ahead of time by taking the following steps to ensure their apps using Drive APIs stay compliant and keep working for users. You will not need to go through the verification process if your app is created and used by only your organization (and is marked as internal).
In the next few months, we will start to notify impacted developers of the policy changes and will provide additional guidance on how to meet the updated policy requirements.