Recommended for Google Workspace
You can assess which Google Workspace Marketplace apps are more secure, reliable, and well-integrated with Google Workspace services by looking for the Recommended for Google Workspace label.
Recommended for Google Workspace apps are reviewed by Google and an independent third-party security firm to ensure they meet our integration and security requirements. To ensure ongoing reliability, we review an app every 12 months.
Note: Google might have a commercial relationship with some app providers.
Evaluating integration requirementsGoogle evaluates Recommended for Google Workspace apps to ensure Google Workspace APIs best practices are met. Evaluation includes, but is not limited to, the following:
Google Workspace integration
The app provider:
- Monitors daily Google APIs quota consumption.
- Implements backoff retry strategy for HTTP 4xx and 5xx errors.
- Follows Google OAuth, OpenID, Google APIs, and SSO best practices.
- Follows Google Cloud best practices if the app is deployed on Google App Engine and Compute Engine.
Application deployment
The app provider:
- Supports regionally diverse deployments.
- Supports deployment on several browsers and devices.
- Develops a rollback plan for any major deployment.
- Maintains a staging environment for testing and debugging.
- Implements a deployment strategy that can scale ten times its current user base.
- Maintains an on call rotation of engineers during customer deployments, product errors, failures, and outages.
For more information about the Google Workspace APIs best practices, go to the Google developer site.
Google collaborates with third-party security penetration testing firms on a formal information security evaluation of each Recommended for Google Workspace app. Additionally, Google assesses Recommended for Google Workspace apps based on their security policies and compliance.
Security policies
The app provider:
- Implements an information security policy that is periodically reviewed, approved by the provider's senior management, and communicated to all employees.
- Implements an incident response and risk management policy that is periodically reviewed, approved by the provider's senior management, and communicated to all employees.
- Implements a vulnerability disclosure program.
Security compliance
The app provider:
- Conducts frequent internal network and app penetration tests.
- Engages accredited third parties to periodically audit internal security controls.
In collaboration with a third-party firm, Google evaluates the security of each Recommended for Google Workspace app with a focus on vulnerabilities as outlined in the OWASP Top 10 Program.
Since the app is reviewed on an annual basis, app providers and customers should conduct an internal or external network and web-application vulnerability scan before updating the app.
Editor's choice
Editor’s choice is a collection of apps curated by Google that are separated into categories based on the app’s functionality.
To be eligible for the Editor's choice category, an app must:
- Be a Google Workspace add-on.
- Be a publicly listed app available for an individual install.
- Has 100,000 or more installs, or 10,000 or more installs for apps published in the last 6 months.
- Be free, freemium, or have a free trial.
- Meet all publishing review criteria.
Work from everywhere
Work from everywhere apps help your organization be more productive. This category includes communication and collaboration apps, engagement apps for remote teams, and time management and digital wellbeing apps.
Business essentials
Business essentials apps help increase workflow productivity. This category includes apps for CRM, billing solutions, product management, communication, marketing.
Apps to discover
The Apps to discover category includes apps that are new and innovative.
