EDIT: All right, there are certainly some strange things in these emails. As on the second photo that you post, it is indicated that the deadline was 18/03/2018? One year ago? And the 3rd said "follow these steps", and gave no step. But whatever, what I wrote below should still help.
Agree … So, let me tell you that I am not an API expert, I have never used the YouTube API or any other API. But above all BECAUSE ridiculously strict rules that these companies have put in place with their general conditions. That said, I know that you have checked the developer's policies to at least check the audit section of it … (IF e-mail is real 🙂 Make sure your work complies with all the rules in this strategy before granting them access because they will essentially test you to see if you are complying with the terms. Otherwise, they will probably end your access to the API.
It is very likely that these are real messages, although there are several ways to check. Try to hover over the name of the e-mail as follows, so that the contact appears. Or click on it (and hold it sometimes) to view the contact when it is on a mobile device.
If they used e-mail as a contact name, as would a phishing scam, would have pop up left, bold like that. Similar to Duolingo's situation on this image (although the real e-mail address appears on the right in my example). But if they do not have a contact name, it may end up by default. As noted above, checking the contact will allow you to see the real email on this second line and bypass the difficult phishers that use this technique.
After checking the contact, if that IS in fact the REAL e-mail address, so there is no doubt that they are real. No one else has access to email addresses @ @ google.com but to Google itself. So, if after hovering, there is no fake phony e-mail, it is almost 100% likely to be legitimate. Especially if you are connected via https. You can find out by looking in your address bar and if it has a lock sign on the left (or if it says https: // before mail.gmail.com.)
Another thing I would like to point out, however, is that the first link you created was a link to an application, not a compliance review, as what is asked of you now. They ask a lot because they want to make sure their API is used wisely and does not use the YouTube brand name, so to speak.
So, as I said. I am definitely not an expert in API. But I know some phishing scams, how to avoid them and basic Internet security. I hope I helped at least a little! I did not see anyone answer, and I thought, I can at least add my two senses and hope it will be better than nothing! haha
Let me know if it helped!
Have a good Joe!
And good luck with the project! 👍