About app review

If you want to publish an app publicly, it needs to be reviewed by Google before it’s published to ensure it meets Google's design, content, and style guidelines.

After Google reviews your app, you’ll receive an email about whether it’s approved or needs more work.

If your app requires additional work, you’ll receive a review document with specific information about what needs improvement. Address the issues and resubmit your app for review.
If the review team approves your app, it’s automatically published and you’ll receive a notification email.

Review duration

The review duration depends on how many apps have recently been submitted for review and how many corrections your app needs. It isn’t uncommon for a review to take several days to complete.

Areas of review

The following is a list of guidelines Google uses to review your app. To improve your chances of a speedy approval, make sure your app meets all the guidelines before you submit it for review.

Select the app integrations included in your app listing to view the relevant review criteria. You can click the column names to sort the criteria, for example, by category.

App integration	Category	Criteria
All	Name	There are no other app listings with the same name. The name doesn't include a version number. The name matches the name on the OAuth consent screen. The name isn't vague or too generic. The name is 50 characters or less. (Recommended) The name uses title case. (Recommended) The name doesn't have punctuation, especially parentheses.
All	Description	All provided links work and point to the correct information. For example, a link provided for a privacy policy points to a page describing the privacy policy. All provided links work and point to the correct information. For example, a link provided for a privacy policy points to a page describing the privacy policy. If the app interacts with a third-party service, the description explains what the third-party service does, how the app interacts with it, and optionally links to the relevant website. The short and detailed descriptions are easy to understand. The short and detailed descriptions aren't identical. (Recommended) The full set of attributes per language (name, short description, and detailed description) are defined correctly without language mismatch.
All	Functionality	There are no obvious bugs and all actions, including edge cases, are fully functional. Loading times are handled with loading indicators. The app demonstrates clear interactions with Google APIs. The app provides a new or extended functionality that isn't equivalent to what's already included in Google products. The app isn't meant for advertisement or spamming purposes. The app is fully functional and not meant for testing purposes—it's not a work in progress. If the app interacts with features that are available to users or paid users, a test account on the developer's system is provided for Google's review team.
All	User experience	The app, including its name, doesn't use Google brand assets, trademarks, or Google branded content. Authorization and login is required only once. The app uses one-click SSO or ideally zero-click SSO. After an admin grants permissions for the Oauth 2.0 scopes for the domain, individual users aren't prompted for scope permissions again. Users doesn't have to input login credentials after signing into their Google account. At most, they have to click a "Sign in with Google" button to get access. There are consistent, obvious, and understandable terms for button labels, menu items, titles, etc. For example, instead of Yes or No, labels refer to action names like Delete and Cancel. If login is required, the logout functionality works properly. Tokens are revoked and login can start from scratch. Apparent feedback is always displayed, such as confirmation or error messages, for actions. There are no broken image links or fuzzy images.
All	Graphics	Icons are sized correctly, square, and have transparent backgrounds. See Graphic assets. The icon properly represents the app's name and/or functionality. The icon is in color (not gray scaled). The icon doesn't use Google’s trademarks. Screenshots and images are not blurry, hard to read, or inappropriate, and accurately represent the app. (Recommended) Screenshots clearly show how to use the app and what it does.
All	OAuth	The app has passed OAuth verification, uses the narrowest OAuth scopes possible, and all scopes integrate correctly with Google Services APIs.
Google Chat bot	Name	The buttons to communicate with the bot are available from the description. The bot name starts with A-Z (uppercase) or 0-9. It can't start with a symbol. The bot name doesn't contain the word "Bot" in it.
Google Chat bot	User experience	The bot sends an unprompted welcome message every time a user starts a direct message or the bot is added to a room. And, the welcome message is different from the "Help" command. The bot supports the "Help" command and helps users get started using the bot. The bot always responds when spoken to in a room or direct chat. Messages use correct spelling, capitalization, punctuation, and grammar. Messages don't contain malicious, offensive or abusive material. Messages use clear, concise, and consistent formatting for text and/or cards according to the Google requirements. If a response takes longer than 2 seconds, the bot sends a message explaining the delay. Bots that send notifications let users turn the notifications off. Bot UI is responsive on mobile. Users can add the bot to a room via @mentioning. Users can remove the bot from a room using the View member menu. The bot indicates to the user everything that is necessary to interact with it. The Cards format the bot uses meets Google requirements. See Create interactive cards. The bot is available from the Find a bot option in the Chat menu. External URLs that the bot interacts with don't belong to a staging or development environment. The @mention is required in every message to the bot in rooms. That's the only way the bot knows that it needs to respond.
Google Chat bot	Graphics	The bot has a recognizable and clear avatar.
Drive app	Functionality	The app doesn't use Chrome extensions to provide functionality by manipulating the Drive HTML directly.
Drive app	User experience	If the app stores files in Drive, it allows users to pick a folder or creates and reuses an app-specific folder. Configuration data can be stored in an App Data folder. The app doesn't dump files into the user's My Drive folder. The app only stores files in Drive that are connected to the documented functionality of the app.
Editor Add-on	Functionality	"Expected and required actions are included in the add-on, and it provides all the tools needed to complete its workflow. For example: If the add-on applies styling to the entire document, it also has an option to apply the styling only to selected text. If the add-on uploads spreadsheet data to a webservice feed, it has a link to that feed for easy navigation. If the add-on requires the user to have an account, it provides links or info to easily create a new account if the user doesn't already have one. The add-on has menu items under the Add-ons tab. Even if the add-on is just custom functions, it still includes proper documentation. The add-on correctly uses `onInstall()` and `onOpen()` to populate its menu. The menu items populate when the add-on is first installed and when a different file is opened. See Editor add-on authorization. Authorization modes are setup correctly. See Authorization modes.
Editor Add-on	User experience	The add-on provides all the information necessary to have a basic understanding of the product and how to use it. The add-on's code doesn't use libraries excessively, because libraries can cause the add-on to lose performance. Errors are avoided if possible and handled properly if not: Error messages are displayed in a dialog window, not a JS alert or the default red bar. They communicate the problem and explain what the user needs to do to fix it in plain, simple language. When possible, if the user is doing something wrong, a button is displayed that fixes the issue for them. For more information, see the add-ons style guide. Links to outside pages open in new windows and go to the correct pages. The add-on is intuitive and designed well. This means: It's always clear what to do and how to do it. The add-on is accessible and easy to understand. Unnecessarily technical terms and jargon are avoided. Workflows are clear and facilitated as much as possible. The user and their content is as safe as possible. The add-on follows the Google UI Style Guide and uses the Google CSS Package. The add-on only uses one blue primary action per display. The add-on displays one dialog at a time. It doesn't overlap or have multiple up at a time. The add-on's UI fits neatly in allocated spaces: Text and labels aren't cut off with “...” The user doesn't have to do a lot of vertical scrolling. Content width doesn't extend beyond 300px so that it doesn't have a horizontal scrollbar. The add-on requires confirmation or displays warnings for all sensitive actions. For example, if the add-on is about to overwrite all the content in a spreadsheet, the user is warned and confirms the action before it happens. Design changes can remove the need for problems like these. For example, a Sheets add-on imports data which creates a risk of overwriting existing content. The risk can be removed entirely by creating a new sheet for the data as the default action. Users can't trigger actions multiple times while an action is loading. For example, buttons are disabled or hidden while an action is loading.
Google Workspace Add-on	Name	(Calendar add-ons) If the add-on uses `calendar.name` or `common.name`, the name in the manifest is identical to the name provided in the app listing. If the add-on uses `calendar.conferenceSolution`, the conference solution name doesn't contain “Google Calendar.” (Recommended) If the add-on uses `calendar.conferenceSolution`, the conference solution name doesn't exceed 30 characters.
Google Workspace Add-on	Functionality	The add-on uses the correct widgets for the desired functionality. See Widgets. For example, use a switch to select a boolean value. (Calendar add-ons) Login functionality is mobile-friendly. Secondary calendars and delegation are supported, or if not supported, handled gracefully. For example, a conference creation doesn't fail if the user selects a different calendar they have edit access to when creating an event. Recurring events work correctly. If the add-on uses `calendar.conferenceSolution`, at least one conference solution is provided. If the add-on provides conferencing solutions, appropriate conference data fields are used. For example, video conference links, phone numbers, SIP links, access codes, and other supported attributes use structured data fields and aren't provided in the notes field. If the add-on provides conferencing solutions, it only edits conference details and no other event fields. If the add-on provides conferencing solutions, the conference creation takes less than 5 seconds. (Gmail add-ons) If the add-on uses `UrlFetchApp` or `OpenLinkUrl`: The URL is valid. The URL uses HTTPS not HTTP. The full domain is specified. The path is not empty. For example, `https://altostrat/` is okay, but `https://altostrat` isn't. Wildcards can't be used in UrlFetchApp.
Google Workspace Add-on	User experience	The add-on has a homepage. If your Google Workspace add-on is a converted a Gmail add-on, a default homepage is applied. The add-on's card behavior functions properly. For example, there aren't duplicated cards; Back, refresh, and update buttons work accordingly. After the user authorizes the add-on, it displays a customized homepage card to welcome the user with a button for login (if needed), logo, and brief description of the add-on. If the login button is present, when it's triggered, it presents a customized login page from the third-party vendor that clearly indicates there's a third-party service working outside of Google Workspace. The add-on's UI fits neatly in allocated spaces: Text and labels aren't cut off with “...” The user doesn't have to do a lot of vertical scrolling. Content width doesn't extend beyond 300px so that it doesn't have a horizontal scrollbar. The add-on's code doesn't use libraries excessively, because libraries can cause the add-on to lose performance. (Calendar add-ons) If the add-on provides conferencing solutions, the conferences created are valid and displayed correctly on the third-party conferencing website. (Drive add-ons) If the app stores files in Drive, it allows users to pick a folder or creates and reuses an app-specific folder. Configuration data can be stored in an App Data folder. The app doesn't dump files into the user's My Drive folder. The add-on only stores files in Drive that are connected to the documented functionality of the add-on. (Gmail add-ons) The add-on doesn't mention or link to Chrome extensions without justification. The More actions menu contains universal actions that work properly. For example, Log out, About, Support, etc.
Google Workspace Add-on	Graphics	(Calendar add-ons) The logo for the conferencing solution is a public URL. See Provide conference solution logos. If the add-on uses `calendar.conferenceSolution`, the logo of the conference solution follows the `calendar.logoUrl` requirements. See Calendar manifest resource. If the add-on uses `calendar.logoUrl` or `common.logoUrl`, the logo is identical to the icon provided in the app listing. If the add-on uses `calendar.logoUrl` or `common.logoUrl`, the URL of the logo starts as follows: `https://lh3.googleusercontent.com/`
Google Workspace Add-on	OAuth	(Drive add-ons) (Recommended) If you want to receive limited-metadata, the add-on includes the `drive.addons.metadata.readonly` scope.
Web app	Functionality	The universal navigation URL points to a web app. A simple webpage without functionality is not considered a web app.