The Gmail verification wall

The blocker that makes this project unviable as a solo side project.

The mechanics

Gmail’s API is gated by OAuth scopes. The scopes this product needs are classified by Google as:

  • gmail.metadata — headers and labels only, no body. Sensitive scope. Lighter verification, no security assessment.
  • gmail.readonly — read messages and bodies. Restricted scope.
  • gmail.modify — read + change message state (mark read, archive, label). Restricted scope.
  • gmail.send — send mail (for reply/forward). Restricted scope.

The product as designed needs gmail.modify (for the rail’s archive/delete) and gmail.readonly (for tap-to-view full email and future richer cards). Both are restricted.

Restricted scopes require:

  • Google verification (privacy policy, branded consent screen, demo video, domain ownership).
  • An annual third-party CASA security assessment, paid by the developer.
  • Re-verification yearly.

Realistic cost for an architecturally simple app: $2-5k/year for the assessment, plus 40-80 hours of paperwork and back-and-forth per cycle.

Without verification, the only paths are:

  • Personal use by the developer only — no review, no cost, no audience.
  • Unverified app, capped at 100 test users — others see a scary “Google hasn’t verified this app” warning during OAuth.

Why metadata-only isn’t a workable fallback

gmail.metadata would let the app show the v1 card (sender + subject + time) without verification cost. But it kills the rest of the product:

  • No archive/delete via API → the rail becomes “deep-link to Gmail and do it there.”
  • No tap-to-view full email in-app → the app becomes a browser for the inbox, not a client.
  • No body access → no schema.org cards, no future AI summarisation, no enhancement path.

What’s left is “a TikTok-style discovery layer for Gmail,” which is a different and weaker product than the one designed.

Why this kills the side-project version

The economics only work at scale:

  • $1.99/mo × 1-3% freemium conversion × 5,000-25,000 MAU is needed to net $2-5k/year after Apple’s cut.
  • For a solo developer with no marketing budget in a saturated category, reaching that MAU takes 12-24 months of organic growth.
  • During those 12-24 months, verification cost is paid up-front and annually, with no revenue.
  • The developer has no personal interest in using the app themselves, so there’s no personal-use path to defer verification indefinitely.

A project that fits the constraints would be personally useful to the developer, have no regulatory toll booth, and have zero marginal cost per user. This project has none of those.