Google allowing 3rd-party developers to scan your Gmail

Google allowing 3rd-party developers to scan your Gmail


If you want to be able to use a mail app on your computer to manage your Gmail account or your Google calendar, it needs to be able to read and delete messages or appointments. Many of these developers simply want to offer a new email app, help you sift through your emails, or do something else you can't achieve through Gmail's core experience.

One could say that users are responsible for granting access to their data.

"Google does little to police those developers, who train their computers- and, in some cases, employees - to read their users' emails", the report further stated.

"Some people might consider that to be a dirty secret", says Mr. Loder.

"Nevertheless, privacy advocates and many tech industry executives say opening access to email data risks similar leaks", the report said. Google itself is very strict about giving employees access to emails and limits it to situations where a security issue or bug requires it, or when users give Google explicit permission to do so according to the Wall Street Journal.

Google has confirmed that private emails sent and received by Gmail users can sometimes be read by third-party app developers, not just machines.

In a blog post, Google outlined how it works with outside software developers. An executive at another company said that the reading of emails by employees has become "common practice".

The popular email service, which has more than one billion users around the world, gave hundreds of developers outside the company full access to users' inboxes.

Before a published, non-Google app can access your Gmail messages, it goes through a multi-step review process at the company, it said.

While these kind of apps do ask for user consent, numerous forms don't make it explicitly clear that a human will be reading through your emails, not just a machine. Employees of Edison Software apparently reviewed the emails of hundreds of its users to make a new feature for its mobile app that reads and organizes your email.

Frey also reiterated the existing data controls users have at their disposal to examine the permissions they have given to third-party apps and take back the same authorization if necessary. However, that level of anonymisation doesn't seem to apply to its third party developers. It "flags potentially risky apps so you can revoke any previously granted permissions that you are no longer comfortable with", she wrote. "Gmail's primary business model is to sell our paid email service to organisations as a part of G Suite", Frey informed.

  • Terrell Bush