The security review team checks that your add-on requests the correct OAuth scopes. Ensure that the following scopes have been configured on the Marketplace SDK configuration screen:
auth/userinfo.email(added by default)
auth/userinfo.profile(added by default)
Ensure also that the following scopes are requested by your add-on:
The GWM review team creates a video demonstrating the add-on's consent screen with the scopes presented to users and the basic functions of the add-on. They upload an unlisted video to YouTube and send the link to you; it can only be reached using the link. You're prompted for the video link when starting the OAuth verification process. The security team then views the video when reviewing your add-on.
For more details on Google's security review, visit OAuth API verification FAQs.