Google Oauth verification #308
Comments
Unfortunately, that is correct. If you request scopes that Google considers trustworthy (everything that is fitness) you have to go through this.
I strongly suggest using HealthConnect instead of Google Fit, especially for simple things like steps and distance.
Thanks for the answers. Assuming I take that approach and use the latest version of the plugin with HealthConnect, then Google will require me to send the Developer Declaration Form. How much time will Google need to review the form? Are we talking about days or weeks?
Hi @maswa, between the email from Google and the CASA confirmation, it took between 6 weeks and 3 months.
Hi, I don't have direct experience submitting a HealthConnect app yet, but someone I have collaborated with said that it was easy and quick to get approval (<1 month). However, they've been having problems with the published app, and it's not clear why yet, it may well be an issue from Google and not from them, it's still being investigated.
We got approved for HealthConnect in 5 days. And it's really easy, just fill out the Google form and wait, nothing compared to the old process with OAuth...
@MrJustreborn, that sounds not too bad, but can we send in the declaration form and ask for approval for Health Connect while our current app still uses the 2.1 plugin version with Google Fit? Or is it required to first send in an update where we use Health Connect?
We did the same, we're currently using the old plugin and going through the CASA process. We have a second branch with updated plugin.
Hello, anyone got any insights about the CASA verification process?? 2 - Tier 2 Self Scan Using Open Source Tools 3 - Tier 2 Self Scan Using Commercial Tools This is part of the email I got, and as I can imagine many of you also got. Has anyone gone through this? And if yes what path did you follow? Thanks in advance!
Hi TeoMastro, I started the verification process using CASA Portal built-in Scanning, but I quit after the first scan. It's not just fixing the CWEs from the scan but they also ask tons of questions in that questionnaire. I then also read that the whole procedure can take weeks to months and thought it wouldn't be worth going through it as Google announced the Fit API will be deprecated at the end of this year anyway. Asking permissions for Health Connect was much easier (at least for my needs, read: steps, activity and distance). It was approved in a few days by filling in the Developer Declaration Form and making a short video about how I will use these permissions in my app. So I'm now making the necessary changes to use the latest version of this plugin, which uses Health Connect.
Hi maswa, I have a question. Why do these two have to differ in terms of verification process? (I mean Google Fit and Health Connect). I would expect that both of these APIs would require somehow the same form of verification since the things they provide are very similar. Do you or anyone else know anything about this? (I really could not find anything online about that, at least for now). Thanks for your time and the insightful answers.
I can answer that: Google Fit is first and foremost an online API (though it's not visible to the programmer, but it was born as such), which requires additional security. HealthConnect is a local API, it stays in the phone (though data is backed up by Google, like HealthKit is backed up on iCloud). My warm and strong suggestion: do not use Google Fit, it's very cumbersome to get an approval and, before you have finished the process, the API will be shut down. Doesn't make any sense to waste time on it. Besides, if you are planning to use this plugin, I have no interest in continuing supporting the Google Fit API, so you'll be on your own.
@TeoMastro seems to have raised a valid point regarding the same verification process by Google for both Google Fit and Health Connect. Do share your thoughts if it's otherwise, or did I interpret incorrectly?
This is my interpretation, so take it with an abundant dose of scepticism: the difference is that, when accessing Google Fit, Google is responsible for ensuring that the data is treated legally and responsibly. This is because the user may not be involved in the process, because the API is served online (even though we use it locally, so it's a bit nonsense). When accessing HealthConnect, it's the user's responsibility to give access to the data, not Google's. In this case Google simply checks that the app is not doing anything evil or blatantly deceitful, which is probably not even needed, and leaves the decision to the user. It's a big difference legally speaking. I think that Google realised that the Google Fit API was a mistake and went the Apple way (local API), and I can only be happy about it. The checks that Google does for HealthConnect are much, much simpler than the ones for Google Fit, as can be witnessed from the comments here, regardless of whether you send the data somewhere or not. The conditions they list in the webpage you have linked are not verified, at least not all of them and not thoroughly, because it's impossible to do it reliably, and, most importantly, because they don't need to. It's a way for them to kick you out if they discover that you're doing something bad.
Some questions here: So, if we prepare a new version with new plugin.
@Juanico18 I don't understand your question. If you move to HealthConnect all the OAuth stuff just becomes irrelevant. You can simply close the whole project on the Google Console. However, if you have an app that uses the Fit API and that app has been downloaded and is being used, you'd better wait until all your users have updated to the newer version of your app before closing the Fit API integration.
Thanks,
yes to all
I am using this plugin to get steps data and distance data (only read access) in my Android app and now Google has asked to verify the consent screen. I entered all details and removed all scopes we don't need. Now in the next step of the verification process Google says I need to complete a security assessment for my application:
_**Thank you for your patience while we reviewed your submission for project ...... We need you to address the following items for us to continue your app’s verification:
You are required to complete a CASA security assessment for your application (project number: .......... by the following date: 2024-04-16. This assessment is required annually; to learn more, please visit the CASA website.**_
Has anyone ever needed to do this for using this plugin? Or is Google sending us on the wrong track somehow?