I believe Gmail switched at that time to pushing you to use effectively a Gmail-proprietary method to authorize access to a Gmail account. Nobody else was doing it at the time, I think official OAuth scopes actually came later.
And bear in mind, OAuth to authorize mail access is weird. Generally speaking, mail clients use IMAP or POP3 and SMTP. One of the more popular open source Android mail clients, K-9 mail, still doesn't support it: https://github.com/k9mail/k-9/issues/655
But the biggest issue is that, like the "unknown sources" checkbox in Android, Google uses scare tactics to discourage non-Google-proprietary apps and protocols. Use Google apps on Google devices only, otherwise you'll have to authorize "less secure" things.
And bear in mind, OAuth to authorize mail access is weird. Generally speaking, mail clients use IMAP or POP3 and SMTP. One of the more popular open source Android mail clients, K-9 mail, still doesn't support it: https://github.com/k9mail/k-9/issues/655
But the biggest issue is that, like the "unknown sources" checkbox in Android, Google uses scare tactics to discourage non-Google-proprietary apps and protocols. Use Google apps on Google devices only, otherwise you'll have to authorize "less secure" things.