Google’s painful Gmail OAuth verification process

How it will affect independent developers and kill innovation

Google, bruised from years of privacy scandals and keen to avoid its own Cambridge Analytica incident, announced last year that any project touching user data in Gmail would now require verification. What verification meant was left unclear until the beginning of this year.

When the dust settled, Google published an FAQ outlining what was required. Any app touching user data was required to pay a fee between $15,000 and $75,000 or more. A full security audit was required by one of two third parties selected by Google. Cries of protest went up around the web, and several services announced their intention to shutdown.

Fearing the worst I was preparing to e-mail users and start shutting down Aura. However, because Aura doesn’t store any user data on its own servers I was able to avoid the security audit. After five months of waiting, Aura has just completed the verification.

Ajay Goel, developer of the Gmass extension, has live blogged the process – still ongoing. If it looks opaque and unclear, that’s because it is. The Google team reviewing applications takes weeks or months to reply, and frequently loses the thread of the conversation.

With a userbase numbering 1.4 billion users, Gmail has become a platform in its own right. What makes this policy so frustrating is the inconsistency. Any e-mail app can still connect to Gmail using POP3 or IMAP which aren’t subject to these checks. The result will be to stifle innovation, frustrate users and increase prices for all services.

Launching Aura Talk

A new community site for Aura

I’m launching Aura Talk, it’s available here. What is it? It’s a community site, built on Discourse (which is awesome software, check it out if you need a forum). I’ve found that as Aura grows in users and complexity that I need something better to co-ordinate everything.

I’ll be using it do things like:

  • collect bug reports
  • run betas and collect feedback on the next version of Aura
  • post full release notes (as promised for v4)
  • post quicker, smaller updates on my progress
  • talk to this amazing group of users
  • post support and help documents
  • and just generally to make Aura as great as it can be

In an attempt to make it effortless to login, there’s no need to create an account. All authentication is done through your Google account, full details here but the TLDR is that you only need to have used Aura before, and the trial will do.

Head over to check it out, it’s going to get busier over there soon.

Aura 4 - The Biggest Release Yet

Bringing dark mode, Mojave support, search and thousands of other improvements to Aura

I’m delighted to release Aura 4. This release represents many thousands of changes that make this a faster, more powerful and useful app. For the sake of brevity, here are just three of the main ones.

Search bar

The search bar has become much more powerful. A fuzzy, quick search matches thousands of items from your accounts and lets you jump to anything instantly. Contacts, inboxes, categories, labels or types of mail.

Gmail Improvements

Improvements all round to how Aura interacts with Gmail. All of Gmail’s smart categories are accessible. The synchronization has been improved along with better sleep/wake behavior.

Dark Mode

Mojave added support for a system dark mode, and Aura fully supports it. You’ll even notice the theme colors used throughout.

A more complete run down of all the bug fixes and smaller improvements will be published soon is published here on Aura Talk.

Finally, stricter requirements for access to Gmail data were published at the beginning of the year. Aura has always treated your email data securely and already met all of the requirements. But users of older versions of Aura will need to migrate to Aura 4 as API keys for versions 1 - 3 are going to expire. Aura 4 is a free upgrade for all customers and I will be contacting you soon if you haven’t yet upgraded.