GenlyAi: - The 'integration' codes are publicly available (including to us and to GOG devs). If there were a problem by then, they'd be found by now.
Open Source is by far not a solid argument for secure software, just because it could be scrutinized. There were enough bugs in widely used OSS that were not found close to their time of introduction like Heartbleed in OpenSSL.
I have the same concerns like Blair_180781 and would like to know if the integrations are checked before made available in the Client.
Also it feels kind of deceptive to speak of "official Integrations" that could be provided by the companies linking to, like Microsoft for Xbox Life, and that the "Community Integrations" are provided officially by GOG themselves using the platform's APIs.
But no, it's third party developers and I haven't found something that indicates GOG actively checking it, but only the Privacy Policy saying "Please know that community integrations may be governed by separate private policies and we are not responsible for their use of your personal and non-personal information" which is weak. They are essential that thing that makes GOG 2.0 stand out and are offered in the client, without indicating this in the client itself.