GitHub Apps are slightly different from OAuth Apps.
GitHub Apps are per-repository "integrations" that don't perform actions on behalf of a specific user and are installed directly to a repo (with fine-grained permissions).
OAuth Apps are the classic "integrations" installed by a specific user and perform actions on behalf of that user.
I imagine they have lower requirements because they are new, more specialized, and likely to be installed a little less.
I also see that the security requirements are quite high. While it's difficult to argue with source code security - here are some of the security requirements:
The standard annual risk assessment shall include, to the best of Developer's ability, the following:
(i) SOC 1 and/or SOC 2 audit report;
(ii) 3rd party proof of PCI compliance (a certificate showing Developer's handling of credit card payments is compliant);
(iii) Privacy Shield Attestation;
(iv) ISO Certification or Cloud Security Alliance Self-Assessment;
(v) Cloud Security Self Assessment;
(vi) any information on subcontractor or vendor production datacenter(s), IaaS, PaaS, or private hosting providers, as required by GitHub based on data and services rendered; and
(vii) Written responses and evidence of specific security requirements as outlined in this agreement