Wednesday, 18 July, 2018

Google lets third-party developers read users’ private Gmail messages

Software Developers are Scanning the Inboxes of Gmail Users App developers have been reading your Gmail, and it's alarmingly common
Sherri Watson | 03 July, 2018, 19:57

Third-party developers may access emails on Gmail if users give them access to the data, that's the main takeaway from a new Wall Street Journal story (which I don't link to because paywall). Its rules also bar app developers from making permanent copies of user data and storing them in a database. Both companies say the practice is covered by their user agreements, and that they used strict protocols for the employees who read emails. eDataSource says it previously allowed employees to read some email data but recently ended that practice to better protect user privacy.

One such company is Return Path, which collects data for marketers by scanning the inboxes of more than two million people who have signed up for one of the free apps in its partner network using a Gmail, Microsoft or Yahoo email address.

One security expert said it was "surprising" that Google allowed it. "We have since stopped this practice and expunged all such data in order to stay consistent with our company's commitment to achieving the highest standards possible for ensuring privacy".

Google lets people connect their account to third-party email management tools, or services such as travel planning and price comparisons.

Google said only companies that had been vetted could access messages, and only if users had "explicitly granted permission to access email".

Normally, computers scan and analyse over 100 million emails per day, but Google allows third-party software to electronically scan the inboxes of millions of Gmail users. While many of these companies in question utilise machines to go through users emails for keywords and phrases, some of them have it done manually by their employees. Developers swear that manual access is used only оn rare and special occasions and is exclusively to improve customer experience, but we've heard that reasoning enough times to know it's just something PR representatives are forced to say. In other words: if you grant a company access to your email data, it may be that human employees read it. "Any time our engineers or data scientists personally review emails in our panel (which again, is completely consistent with our policies), we take great care to limit who has access to the data, supervise all access to the data".

Gmail has almost 1.4 billion users globally - more users than the next 25 largest email providers combined.