OAuth 2.0 for Google APIs – 3rd Party Audit Costs Require EmailMonkey to Shutdown

The Cost to use Google’s API: $15k – $75k (or more) for a 3rd Party Assessment

It’s a sad day for EmailMonkey and the many folks who utilize our hands free gmail reader service for Alexa & Google Assistant devices. Last week, we received an email notification from Google’s Cloud Platform Console regarding their User Data Policy stating that in order to continue utilizing Google’s API for gmail we would need a third party assessment that Google estimates to range between “$15,000 to $75,000 (or more)”.

A copy of the official email is below:

When you click the “OAuth FAQ” link, under “Security Assessment” “How will the security assessment work” it says:

First, your application will be reviewed for compliance with the Google API Services: User Data Policy. Thereafter, you will have the remainder of 2019 to demonstrate compliance with the secure handling requirements. Assessments will be conducted by a Google-designated third party assessor, may cost between $15,000 and $75,000 (or more) depending on the complexity of the application, and will be payable by the developer. This fee may be required whether or not your app passes the assessment. We expect that fees will include a remediation assessment if needed. If your app has previously completed an adequate security assessment as determined by the assessor, you will be able to provide a letter of assessment that may reduce the scope of the review.

We had been utilizing Google’s API – following Google’s guidelines to adhere to their (much deserved) strict privacy policies – to access the gmail account of users who sign up to use EmailMonkey.  We invested hundreds of hours creating this application and have created a significant user base. Unfortunately, it no longer makes financial sense to continue to offer EmailMonkey as a free service with these new costs.

We aren’t the only ones using Google’s API for gmail related services, so if you see some of your favorite apps starting to disappear – now you know why.

 

Alexa In-Skill Purchasing Not Yet Ready For Prime Time?

Is Alexa In-Skill Purchasing Not Yet Ready For Prime Time? We’re having a heck of a time getting a client’s Alexa skill beta tested and certified. The skill uses Amazon’s In-Skill Purchasing, or ISP.     Fun time #1 - Double Charges We found a verified Amazon ISP bug...

read more

Alexa Flash Briefing Woes

  Some Unexpected Challenges with Alexa Flash Briefings Creating an Alexa Flash Briefing skill is very simple. However, there are a couple of gotchas, and one that’s not documented as far as I can tell.   Broken Feed URL When you create a Flash Briefing skill and add...

read more