How does this affect open-source apps? The other day we had a thread about using Emacs as an email client, and I linked to docs on how to get offlineimap to work with XOAUTH2. The Google docs currently say that you can opt in to using apps under development - so in practice, an end user of an open-source app can go to the Google developer console, get a key, and put that in their personal config file - but it sounds like that conflicts with the spirit of these policies. Is that changing?
> Applications that only store user data on end-user devices will not need to complete the full assessment but will need to be verified as non-malicious software. More information about the assessment will be posted here in January 2019. Existing Applications (as of this publication date) will have until the end of 2019 to complete the assessment.
Not clear what "verified as non-malicious" means in this case, w.r.t. cost.
https://developers.google.com/gmail/imap/xoauth2-protocol