Google won't verify my app. So I built a modal that explains their own warning screen.

Launched InboxClean about three weeks ago — a Gmail cleaner that scans your inbox and lets you unsubscribe from spam in one click.

The product works. People are using it. But I keep watching signups drop off at the exact same step: the Google OAuth screen.

You know the one.

"Google hasn't verified this app"
The app is requesting access to sensitive info in your Google Account. Until the developer verifies this app with Google, you shouldn't use it.

Then a big Back to safety button, and a tiny grey "Advanced" link buried at the bottom.

Most people just leave.

The verification problem nobody talks about

I submitted for Google OAuth verification. I have a privacy policy, a working product, a real domain, real users. I did everything right.

Google's estimated review time: 4–6 weeks. And that's if they don't ask for more information, which apparently they often do.

Meanwhile I'm blogging about the product, building in public, posting on here, doing everything to drive signups — and a non-trivial percentage of people are bouncing off a screen I have zero control over.

The word "unsafe" is doing real damage. It's not that my app is unsafe. It's that unverified is Google's word for "we haven't reviewed it yet." But users read "unsafe" and they're out.

The fix: a modal that explains the warning before they see it

Instead of sending people blind into the Google OAuth flow, I now intercept every sign-in click with a modal that prepares them for what's coming.

It shows:

A warning icon and the headline: "Google will show a warning"
Three steps: click Advanced → click "Go to InboxClean (unsafe)" → allow access
A plain-English explanation of what "unsafe" actually means in this context
A trust note: "We only read email headers — never body content. No data sold."
A green "I understand — Continue with Google" button
That's it. One extra click before the scary screen, and now the scary screen isn't a surprise. It's expected. And they know exactly what to do.

Does it work?

Too early to have real numbers — just shipped it today. But the logic is sound: the drop-off isn't happening because people distrust InboxClean. It's happening because they don't understand what they're looking at. I think and hope the modal fixes the information gap.

I'll update this post in a few weeks with before/after conversion data.

The broader lesson

Building on top of Google's infrastructure means playing by Google's rules — including their verification timeline. You can't speed that up. What you can do is reduce the friction your users experience while you wait.

Transparency > waiting. Tell users what's happening. Tell them why. Tell them how to proceed anyway. Most people who want your product will use it if you just explain the situation honestly.

Also: if you're in the same boat, go submit for verification today even if your app isn't "ready." The clock starts when you submit, not when you feel ready. 4–6 weeks is a long time to leave on the table.

What's next

Waiting on Google. Building in the meantime. The modal buys me time — now I need to make sure the product earns that trust.

If you're building something that uses Google OAuth and you've been through verification (or are stuck waiting like me), I'd love to hear how you handled it.

InboxClean is at https://inboxclean.email — it's free to start, no credit card. Scans 1,000 emails and finds everything you've been meaning to unsubscribe from for years.