OAuth 2.0 for Google APIs – 3rd Party Audit Costs Require EmailMonkey to Shutdown

The Cost to use Google’s API: $15k – $75k (or more) for a 3rd Party Assessment

It’s a sad day for EmailMonkey and the many folks who utilize our hands free gmail reader service for Alexa & Google Assistant devices. Last week, we received an email notification from Google’s Cloud Platform Console regarding their User Data Policy stating that in order to continue utilizing Google’s API for gmail we would need a third party assessment that Google estimates to range between “$15,000 to $75,000 (or more)”.

A copy of the official email is below:

When you click the “OAuth FAQ” link, under “Security Assessment” “How will the security assessment work” it says:

First, your application will be reviewed for compliance with the Google API Services: User Data Policy. Thereafter, you will have the remainder of 2019 to demonstrate compliance with the secure handling requirements. Assessments will be conducted by a Google-designated third party assessor, may cost between $15,000 and $75,000 (or more) depending on the complexity of the application, and will be payable by the developer. This fee may be required whether or not your app passes the assessment. We expect that fees will include a remediation assessment if needed. If your app has previously completed an adequate security assessment as determined by the assessor, you will be able to provide a letter of assessment that may reduce the scope of the review.

We had been utilizing Google’s API – following Google’s guidelines to adhere to their (much deserved) strict privacy policies – to access the gmail account of users who sign up to use EmailMonkey.  We invested hundreds of hours creating this application and have created a significant user base. Unfortunately, it no longer makes financial sense to continue to offer EmailMonkey as a free service with these new costs.

We aren’t the only ones using Google’s API for gmail related services, so if you see some of your favorite apps starting to disappear – now you know why.


Unable to Remove Alexa Skills from Store

Alexa can be the roach motel of skills; They go IN but don't come OUT Developers unable to remove their skills from the Alexa Store   We had an instance where we needed to remove a skill from the Alexa store for a period of time. Normally, this is easy: just...

read more

Which Smart speaker is best for your business?

Choosing your smart speaker vendor Alexa or Google? Navigating hardware decisions We founded Voice2Biz Inc years ago on the premise that our technology and services would serve all smart speakers so whatever device you chose, we’d be there. Initially, that meant all...

read more