The Wall Street Journal today reported Google having allowed third-party developers of Android apps to read millions of Gmail messages. The Gmails access settings allow data companies and app developers to see emails and private details. These details also include recipient addresses, timestamps, and entire messages.
Though such apps need to receive user consent, the consent form isn’t clear that it would allow humans and not just not just computer to read your emails.
Speaking to net media Google said it only gives data to the evaluated third party
There have been instances where some developers have applied to get access to Gmail, but have been refused, though the exact numbers have not been disclosed.
Google told the Wall Street Journal – “ Employees may also read emails but only in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.”
There are a lot of apps with this access, from Salesforce and Microsoft Office to relatively unknown email apps. Generally, when you give the app permission to read your email, you will get a request similar to the one shown below.WSJ further reported it was not only Google that has these issues as other email services besides Gmail also provide similar access. Email managing companies like Return Path and Edison Software, also have had opportunities in the past to access thousands of email accounts.
Later speaking to both the companies WSJ reported they also have human engineers who view hundreds to thousands of email messages in order to train machine algorithms to handle the data. Privacy Policies of both Return Path’s and Edison Software’s states that the companies will monitor emails. Though there is no mention that human engineers and not only machines have access.
This is a similar incident with conditions that led to Facebook’s Cambridge Analytica data sharing disaster, where a common practice for years of allowing third-party apps access Facebook data, was eventually abused and fell under government and public scrutiny once it became well known.
Though there has been no evidence that the third-party Gmail add-on developers have misused data, just being able to view and read private emails seems like crossing a privacy boundary. The recent attack highlighted the vulnerabilities of Google’s permissions system and it is not clear how secure this system really is.
Also Read: How To Download Torrents Anonymously