Why Google shows "unverified app" when connecting Gmail

When you click Connect Gmail, you may see a Google screen warning that the app is "unverified" — sometimes labeled "Google hasn't verified this app" with an option to click "Advanced" → "Continue (unsafe)". This is expected during the CASA verification window and does not indicate any actual safety issue.

Why this happens:
Turtini's dedicated Gmail OAuth client uses Google "restricted" scopes (read, send, signature settings). Restricted scopes are subject to CASA (Cloud Application Security Assessment) — a third-party audit Google requires before showing a non-warning consent screen to all users.

The audit process:
• Verification submission: filed when the dedicated client went live
• Initial review: typically 4–8 weeks
• Audit fee + brand review + security review: handled by Turtini, no action needed from your org
• Outcome: once verified, the warning screen disappears and Google's "verified by Google" badge replaces it for everyone

What to do in the meantime:
1. On the unverified-app screen, click Advanced
2. Click Go to Turtini (unsafe) ← Google's exact wording, no actual risk
3. Continue with the regular consent flow — review the requested scopes and click Allow
4. The connection completes normally

The "unsafe" label refers to Google's verification status, not to anything Turtini actually does. Your data and credentials are handled the same way they were before the cutover.

Trust signals you can verify yourself:
• Turtini's privacy policy and security practices: turtini.com/privacy and turtini.com/security
• The OAuth scopes are what they were before the cutover — you can review them on the consent screen and revoke at any time at myaccount.google.com/permissions
• The dedicated OAuth client only requests scopes Turtini's Gmail integration actually needs

We'll publish a follow-up note when CASA verification completes.