They could have gone another route than imposing a bogus security audit and having the devs pay for it. I did an integration with QuickBooks a while back, and they paid for and conducted the security audit themselves.
Google could have added a contract that would plainly state that any data needs to be wiped out, etc., and enforce that contract if anything is fishy.
Google could have created a process to clearly inform the dev that the user wants to delete Google-related data and impose deadlines on it.
Those are simple, but I think Google was just lazy and listened to a bunch of lawyers instead of thinking outside the box.
I have an app that allows you to link your email account thru Nylas (with Google); now I would have to pay for the security audit? No way. I told my customers that with any Google account that is not a GSuite account which whitelisted the app (most of my customers are corporate), they might have a warning dialog when connecting their Gmail account. There is a limit of 100 linked accounts without verification ;(