FlowCrypt / flowcrypt-browser

FlowCrypt Browser extension for Chrome and Firefox
https://flowcrypt.com

[URGENT] FlowCrypt browser extension signin is blocked #5790

Closed martgil closed 1 month ago

martgil commented 1 month ago

Description: Google blocks the sign-in flow on the FlowCrypt browser extension and shows the following error message:

This app is blocked
This app tried to access sensitive info in your Google Account. To keep your account safe, Google blocked this access.

Steps to reproduce:

1.) Install the FlowCrypt browser extension from https://flowcrypt.com/download.
2.) Try to log in with your Google account and you'll get the following screen with an error message from the Google login page:

image

martgil commented 1 month ago

cc: @sosnovsky @tomholub - This affects new users but also old users the moment they have to reconnect their account. This makes the extension completely unusable. Enterprise users might notice this soon.

I'm looking into a fix for this one but I can't guarantee an exact timeline as the information from error message is pretty limited.

martgil commented 1 month ago

Upon investigation, this is the result of Google's preparation for their upcoming transition in how less secure apps are to be treated; they attached advice on how apps deemed less secure should be configured to become secure:

https://support.google.com/accounts/answer/6010255#more-secure-apps-how
https://support.google.com/accounts/answer/12849458

martgil commented 1 month ago

I performed additional checks against the following assets:

FlowCrypt web, Android and iOS apps - user sign-in with Google works fine on all of them.

sosnovsky commented 1 month ago

@martgil thanks for letting us know, checking it

sosnovsky commented 1 month ago

For now, if we get any support requests about this issue, please advise users to use the iOS or Android app until we resolve this issue, thanks!

sosnovsky commented 1 month ago

@martgil I found the reason for this issue - we need to perform re-verification of the authorization scopes we use for Google APIs. I'll submit all the needed data for verification, hope it'll be solved soon.

martgil commented 1 month ago

Thank you Roma for taking immediate action on this.

tomholub commented 1 month ago

Google didn't warn us ahead of this action whatsoever.

martgil commented 1 month ago

@tomholub @sosnovsky I checked this once again and I was able to log in with my Google Account.

sosnovsky commented 1 month ago

> @tomholub @sosnovsky I checked this once again and I was able to log in with my Google Account.

For me it works for the FlowCrypt demo Gmail account, but doesn't work for my own Gmail test account. Currently waiting for the Google review team's response.

martgil commented 1 month ago

Got it - thank you!

martgil commented 1 month ago

Hi @sosnovsky - Does Google share any relevant information about their re-verification process?

sosnovsky commented 1 month ago

Hi @martgil, unfortunately it's not as quick as expected - we've passed the first stage of verification, which is done by Google, but now they request that we perform verification by a 3rd-party partner. I'll ask if it's possible to re-enable our app while we're in the process of verification.

martgil commented 1 month ago

Hello @sosnovsky, thank you so much for the quick update. I fully understand. Hopefully, they will allow lifting the app blocking by this week.

sosnovsky commented 1 month ago

Hello @martgil, we've successfully passed the security review by Google's security partner, and they sent the verification confirmation to Google. Hope it'll be resolved at the beginning of next week, will keep you updated.

martgil commented 1 month ago

Hi Roma, good morning! Thank you for the update - it is good news. I look forward to the next update. I'm always here when you need some help.

sosnovsky commented 1 month ago

Hi @martgil, the FlowCrypt browser extension was successfully re-verified by Google ✅

martgil commented 1 month ago

Hello @sosnovsky, thank you. I can confirm that as well when logging into my account. I'm in the process of informing all the previously affected users about this.