A recent Wall Street Journal report has revealed that third-party app developers are reading Gmail messages of users and that too without needing any special permission. Apparently, the report takes a dig at Google for allowing many third-party app developers to sneak into its users Gmail messages under the promise of offering better products and services.
The report further states that Gmail user’s private email messages are not only exposed merely to companies but also even to their employees. While some of these companies make use of automated tools to go through users emails for useful keywords and phrases, others have got it done by asking their employees to go through the emails manually.
The WSJ report has cited examples of two app developers utilizing human reviewers for insights. New York-based Return Path and San Jose-based Edison Software, both scans Gmail users’ personal emails. While Return Path does it for training its software, Edison reads Gmail messages to develop new features for its email software.
Both companies say that their privacy policies and user agreements allowed them to do so.
Google issues a detailed response
Google has responded to the allegations through a blog post, saying that it already has mechanisms in place to prevent any unauthorized access to Gmail emails.
Suzanne Frey, director of security, trust, and privacy for Google Cloud, says,
“No one at Google reads your Gmail, except in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse,”
Although Google mentions its own policies does not allow any manual access to its user’s emails it appears to have little control over what app developers outside Google do to those emails. The company states,
Before a published, non-Google app can access your Gmail messages, it goes through a multi-step review process that includes automated and manual review of the developer, assessment of the app’s privacy policy and homepage to ensure it is a legitimate app, and in-app testing to ensure the app works as it says it does. We continuously work to vet developers and their apps that integrate with Gmail before we open them for general access, and we give both enterprise admins and individual consumers transparency and control over how their data is used.
Google transfers the responsibility on users itself
While the Search Giant says that it has a process in place to check the third apps for any wrongdoings it also lays part of the responsibility on the users.
Frey categorically mentions,
Transparency and control have always been core data privacy principles, and we’re constantly working to ensure these principles are reflected in our products. Before a non-Google app is able to access your data, we show a permissions screen that clearly shows the types of data the app can access and how it can use that data.
We strongly encourage you to review the permissions screen before granting access to any non-Google application.
