Following the sophisticated attack that focused on stealing access to Google account by the abuse of the OAuth protocol, which warranted the company to review it's identity services; Google has gone ahead to release new G Suite security feature, OAuth apps whitelist to improve data access controls and phishing prevention.
The Whitelisting for connected apps is to serve as a means for enterprise customers to better secure which third-party apps can get access to users' account information, thus preventing malicious apps from tricking users into accidentally granting access to their corporate data.
And also the corporate won't need to worry about the malicious application taking control of any employee’s Google account, and spreading the attack to more people within the organization.
It's now saddled on admins to create a list of approved apps with OAuth apps whitelisting, so that users can grant access to their G Suite data to any of the apps on the whitelist.
And third-party app access is enforced based on the policy set by admins, and employees are automatically protected against unauthorized apps.
In this way, Google has significantly reduced the likelihood that users will accidentally grant hackers access to corporate data. See the detailed tutorial to learn how to whitelist specific OAuth applications by following this link.
