Google admits third-party developers can read your emails

By

x
Real human developers can read your Gmail messages. But only if you let them.
Photo: Google

Privacy is a hot-button issue in 2018, and the latest target is Google after it was revealed that developers of third-party apps can read your Gmail messages. 

The thing is, you gave the application permission to do that. You just don’t remember. Or weren’t paying attention.

A surprising number of iPhone, iPad, and Mac users have a Gmail account. They prefer iOS to Android, but Google’s email system is their preference, not Apple’s. 

A Gmail privacy kerfuffle 

After long-running complaints from users, Google stopped scanning the contents of Gmail messages to create targeted ads last year. But the company still allows third-party applications to do so, according to the Wall Street Journal.

These services search through the emails for a specific reason. For example, Rakuten Slice is looking for confirmation emails from online retailers to help its subscribers track packages, get refunds, and similar services.

What skeeves so many people out is discovering that this process isn’t all done by computer. Some companies give human developers access to emails. 

This enables the developer to check if the code they’ve written to scan the text is finding what it’s supposed to scan. Or to know what to scan for in the first place.

A developer responds

Return Path was brought up in the WSJ report for allowing its employees to read 8,000 Gmail messages. This happened when it was creating tools for email marketers.

The company’s founder and CEO Matt Blumberg said that the Gmail messages were not handled casually. “Any time our engineers or data scientists personally review emails in our panel (which again, is completely consistent with our policies), we take great care to limit who has access to the data, supervise all access to the data, deploying a Virtual Safety Room, where data cannot leave this VSR and all data is destroyed after the work is completed.”

Google promises it cares about Gmail privacy

In hopes of calming some of the furor, Google pointed out in a blog post that “Before a published, non-Google app can access your Gmail messages, it goes through a multi-step review process.”

The company checks to be sure that any application seeking access to Gmail messages is run by a legitimate business. Google also assures that the software is only doing what its supposed to do. The developer also needs a published privacy policy.

And Google also points out that it never enables a company to access the contents of your Gmail account without your permission.

Protect your own Gmail privacy

When signing up for services that are going to monitor your email, a pop-up warning from Google appears. This warns the user that the app “wants to access your Google account.” The user is then asked if they allow the app to “Read, send, delete, and manage your email.” Only if the user agrees can the software enter the account.

Anyone who has had a Gmail account for years should visit Google’s Security Checkup. This shows the applications that can access your accounts, and allows these permissions to be removed with a tap of a button.

Consumers waking up about privacy

Privacy was brought to the forefront of most people’s consciousness earlier this year when Facebook CEO Mark Zuckerberg testified to Congress about the Cambridge Analytica scandal. This related to a third-party company gathering data about Facebook subscribers, with this data eventually ending up being used by the Trump 2016 campaign, among others.

Many people are becoming concerned about Facebook and Google because their business model is to gather personal information about users and sell it to advertisers. Surrendering their privacy is how users pay for these “free” products.

Apple, on the other hand, believes strongly in protecting the privacy of iPhone, iPad, and Mac owners. An iOS pop-up window spells out this company’s beliefs: “Apple believes privacy is a fundamental human right, so every Apple product is designed to minimize the collection and use of your data, use on-device processing whenever possible, and provide transparency and control over your information.”