This was the main roadblock towards launching DetoxBox. Without this approval, Google displayed a big scary screen that my application wasn't safe to use. I guess nobody would be willing to use it.
I need Gmail API access because I search for "unsubscribe" to detect emails from mailing lists. Other tools that I know of require you to enable IMAP in your Gmail account. I assume they asked for your password then, but I didn't go that far. I didn't want to change any settings, and I'm sure nobody would want to have a 3rd party server to download your emails. I promise my users that their emails never leave their browsers, and I don't even have a backend to get any of their data.