Jun 26, 202541d ago

The Google verification warning & our commitment to you

The Google verification warning & our commitment to you
Cody Adam
Cody AdamFounder & CEO

First off, a huge thank you to our early users. Your feedback is invaluable as we build Dynbox, and your trust means the world to us. Recently, few users pointed out something very important: the "Google hasn't verified this app" warning that appears when connecting a Google Drive account is, frankly, a bit scary.

They are right.

We want to address this head-on, explain what it means, why it happens, and what our plan is.

What Is This "Unverified App" Screen?

When an application like Dynbox wants to interact with your Google Drive files, it uses Google's official API. To protect users, Google has a verification process to ensure that applications are secure and handle data responsibly.

If an app is new or hasn't completed this official review, Google displays a warning. This is a crucial safety feature to make you pause and ensure you trust the application you're about to grant permissions to.

The Path to Verification: A Look Behind the Scenes

For an app like Dynbox, which asks for permission to organize and manage your files, a simple verification isn't enough. We are required to complete what is known as a CASA Tier 2 certification.

The CASA (Cloud Application Security Assessment) framework  is a thorough security audit performed by an independent, Google-authorized lab. This process involves:

  • A deep review to ensure we meet high security standards.
  • A lengthy validation period, which typically takes about six weeks to complete.
  • A significant financial cost, starting at a minimum of $540, which must be renewed annually.

As a new, self-funded application, this presents a considerable hurdle. While we are 100% committed to completing this certification, the time and cost mean we can't get it done overnight.

This is our number one priority, and we are building towards it. We believe in our product and in earning your full trust, and the official Google verification is a key part of that.

Your Security is Our Priority Today

Even without the official "verified" checkmark from Google (for now), we want to assure you:

  • Secure Authentication: We use OAuth 2.0, the industry-standard protocol for authorization. This means we never see or store your password.
  • Data Encryption: All communication is encrypted in transit using TLS, the same technology that secures online banking and shopping.
  • You Are in Control: The Google authentication screen shows you exactly what permissions you are granting. The connection can be revoked by you at any time from your Google Account settings.
  • Purpose-Driven Access: We access your files exclusively through Google's secure, official API. Our access is used only to perform the organizational tasks you initiate within Dynbox and never for any other purpose.
  • We Value Your Trust: We are building Dynbox for the long haul. Earning and keeping your trust is the most important thing to us.

Thank you for understanding and for being a part of our journey. We will post a major update the moment our Google verification is complete.