Yeah, reading further that might be the case. My initial scan said that the apps had to be present in the chrome market and approved. But the REST API looks like it just authenticates via OAuth and does the I/O directly by the client (FWIW: the OAuth authentication would be an annoying step for a background FUSE daemon, but not insoluble). I don't know which is correct.