Google just emailed me to tell me that I should, "take action against suspicious apps that can access your data"... but the app in question was a Google Drive API token I made for a thing I am personally developing .-.

Signed in to my work email today and saw an email from google that they thought it was suspicious because "there was a login from a new location."
If I was a bad guy signed into someone else their gmail I would force delete that email right? Its just there to annoy us.

Also for signing in it wanted my phone number to verify I'm the rightful owner. Couldn't pass the thing so I signed in another way. How does one verify an account with a phone number I never gave to google?

@Codex404 That email goes both to your gmail account and the backup email specified at signup. That's at least something...

@Vuetiful it was my company email, so I dont have a backup mail

You should check where this apikey was last accessed from. They usually don't send those emails by random.

Google knows it needs to protect you from yourself :)

@McSebi they usually do. Basically every time I access my work email xD