Third-party app developers have access to millions of emails on the Gmail platform. This is according to a new report that was published by the Wall Street Journal. The access settings on the Gmail app allow app developers to see the emails of different users. They are also able to see private details including the recipient address, the entire message sent, and even the timestamps. The apps need consent from the Gmail account holders to be able to do this. However, the consent page doesn’t say that it will allow other people to read your emails and not just computers.
Google responded that it only gives its data to verified third parties. There’s also explicit consent needed from users. Google said that the vetting process involved first of all checking if the identity of a company is properly represented by its app. In addition to this, Google also investigates to see if the data the app is requesting is relevant to that company. The search engine giant said that there have been many app developers that have applied to get Gmail access but their requests have been denied.
Google employees may also be able to read emails but in very specific cases. The user must give consent in all cases. Google may also access emails for security reasons. For instance, if it’s trying to remove a bug or handle a malware attack on your account, some emails may be read by Google’s employees. The WSJ report also noted that it’s not just Gmail that gives access to third-party apps. Even other email providers are doing the same so this is something that really cuts across.
Some of the app developers who have access to people’s emails told the WSJ that it’s true that its human engineers can read hundreds of thousands of emails. However, they say that this is simply to enable them to train the machine algorithms to handle such data in the future. But most of these companies don’t specifically explain in their privacy settings that human engineers will get access to people’s messages. The only disclaimer they give is that they will be monitoring emails. A lot of people presume that this will be done using computer algorithms.
These conditions are almost similar to those that led to the Cambridge Analytical scandal. Letting third-party apps have access to user data is a common practice that has been going on for years. But even then, Facebook couldn’t stop third-party apps from abusing the data they had accessed. At the moment, there’s no evidence to suggest that there has been any kind of data misuse or abuse by third-party apps accessing Gmail accounts. But it does seem odd that a third-party application is able to read people’s emails. By all definitions, this is a very big privacy risk. It’s also not clear just how safe Google’s verification process of third-party apps is. The recent Cambridge Analytical scandal has made people paranoid and they have every right to be.
