Relying on Google for your business
in the after-match of Cambridge Analytica
One thing our users love is how our email automation software (QuickMail.io) is robust and stable. Yet, I was in for a big surprise last week.
After auditing our application permissions, Google asked us to reduce our scope from “Gmail full” permission to “Gmail modify” permission.
Historically, we needed full permissions as this was the only way to enable some of our users to use SMTP over the Gmail API.
Since Google says SMTP is a ‘no go’ now, the request made sense and so we happily complied.
We followed the instructions and removed the “full permission” scope to add “modify scope” instead (reduced permission). Then we re-submitted our application.
Immediately after the changes, to my horror, I discovered that our approval screen changed to unverified.
Instead of the nice permission screen, our new users were greeted with this instead:
Our google admin dashboard for the authentification screens displays: “Your consent screen is being reverified. This may take up to several weeks. Your last approved consent screen is still in use.” (emphasis mine)
The last approved consent screen is clearly not there. And our app is still not approved a few days in this mess.
It’s clearly not an ideal experience for users, but it’s workable as we educate our users on how to bypass this screen.
Unfortunately, this is just a bandaid as unverified apps are capped at 100 new users and we get about 20–40 each day.
Not sure what will happen when the cap will be reached.
Yet, since this happened, we:
- Replied to the email that asked us to change the scope.
- Use the send feedback button and answer the “How could we improve” various support pages.
- Asked on Twitter (google and googledev) for best way to proceed.
- Played with the code to ask for full permission again, but got the same results (unverified app)
- Re-submitted the app mentioning the urgency of the situation.
- Asked on Stack Overflow
- Asking friends around
- Writing this article and pinging Google Developers
So far, we may well have spent the time watching movies… as we only got crickets.
My business is 5 years old, we used the Gmail API from the first day and yet here we are.
Edit: 19 March 2019
Trying to get access to support by paying. Up to 5 business day to be allowed to purchase access to technical support…
After paying $250 to access support for production application in the cloud, I received this email. TL;TR thanks for the $250, nothing we can do.
Edit: 20th March
Today, I received a nice acknowledgment that they know the shit storm this created and we need to be patient.
Our users, whom we recommended contacting G Suite support mentioned that they received quite a few calls regarding this issue.
We managed to figure out a way to make it work for almost everyone (as there are always special cases), but it’s still less than ideal.
Unfortunately, it’s not my patience they should care about, it’s one of our (their) users.
Edit: 21st March
Edit: 22nd March
After raising a billing support ticket, we learned that the $250 will be covered by our Free Trial credits. So that’s good news.
But the email also mentioned our app verification being resolved, which could mean this whole thing was finally over.
Sadly, after checking it still isn’t.
They may have put the permissions back in the background, but the app is still showing the unverified screen.
I let them know and didn’t get an answer yet.
I sincerely doubt they’ll work on it this weekend… unlike me.
Edit: Friday 29th March
I received an email explaining to me that I should not change my permission rights during the reviewing process.
This was not the case at the beginning (believe me, I tried a lot of things to attempt to make it work), and so I kept the modify permission that would ensure minimum disruption once the process would be completed.
Yet, I failed to try this after the email mentioning the rights were being added in the background.
So I reverted the permission to ask for permission full after this email and to my immense relief, this works and we are no longer experiencing the “App is unverified” issue anymore.
Things are finally back to normal after about 3 weeks of hell.
I expect we’ll have this again when they will approve the application with the lesser permissions, but at least, this time will be quick since it will depend on me changing the permissions we ask. (I’ll update what happens here next).
To be continued…