[dktoao]

Even for non-Gmail apps, this process is incredibly painful. I have an app that has been stuck in the process for weeks. Once you have read through the incredibly confusing and out of date documentation and submit what you think is the correct set of setting to comply with their policy, you then have to deal with the reviewer who will email you once every week if you are lucky. Usually to understand what they are asking you to fix you have to email them back and forth a few times. I love the platform, but they need to fix this aspect of it.

[creeble]

They emailed you once a week? You are indeed lucky.

I guess I need to bug them more, I haven't heard anything in weeks (busy with implementation).

One warning: choose the email address for your Google developer account carefully, there doesn't seem to be a way to change it later. It is forever tied to your permissions and approvals, afaict.

[hw]

We've been in the Oauth review process for almost a month, and getting maybe 1 response per week as well. Plenty of times it's just the reviewer not reading the instructions we sent them and, well, time to wait another week. Then there's them saying our app doesn't need to be verified (apparently reviewer was looking at a different API permission instead of the ones we requested for OAuth), so there's been a bunch of unnecessary back and forth.

We've gone through app review processes at other companies like Facebook, and it's all the same - plenty of time wasted with mostly ineptitude on the reviewer's side. Sometimes it feels like there's just one person working in Google/Facebook's basement doing these app reviews for minimum wage.

I understand the need to be thorough on these app reviews especially if the app touches sensitive user data, but when the reviewer doesn't even read the instructions provided to them properly, would you trust them to be thorough when it comes to ensuring the apps aren't malicious?

[samcrawford]

Worse still, in six months times the requirements will change and your previously approved scopes will no longer be approved. I've also had to deal with broken OAuth verification forms on Google's site (400 errors from their backend, with no UI feedback), and the complete inability to get a response from a human.