Few of our customers of our app have started seeing this "Remove risky access" warning when they run the Google security checkup? Our app requires access to user's Gmail (Gmail API) and we've implemented all the good practices as mentioned in the official documentation. How do we resolve this?
This happens when your app has asked access for a scope (for which it has not been reviewed by google yet) and the user has granted it.
For example the app has only been reviewed for
email/profile/openidscope (check here underScopes for Google APIssection for verified scopes of your app ) but has asked fordrivescope as well and let's say user has allowed the access to your app knowingly/unknowingly. In this case user will receive an email from google about removing such risky access.So it is really important for you as a developer if you don't want people to stay away from your spectacular app, make sure that you only ask for scopes that have been reviewed by google or wait until the desired scopes are reviewed if pending.