The tech giant has been forced into action after a news report revealed many third party apps have the ability to read private messages sent in Gmail.

By Daniel Herborn

Posted on July 4, 2018

A report from The Wall Street Journal revealed that hundreds of app developers have access to hundreds of millions of Gmail inboxes thanks to privacy terms users unwittingly agreed to when signing up for third party apps.

As of April 2018, Gmail, which is developed by Google, has more than 1.4 billion users.

The report mentioned two apps, Return Path and Edison Software, which both let employees read user emails to help develop their programs.

The apparent privacy breach has been hiding in plain sight as both apps mentioned obtained consent from users and mentioned the practice in their user agreements. Google also asks Gmail users for specific permission for a third-party app to read and manage email.

However, users often skim over or don’t understand privacy permissions and are unaware that human workers instead of bots could be reading their mail.

Professor Alan Woodward of the University of Surrey’s Department of Computer Science said it was completely impractical for users to thoroughly read all the fine print of apps.

“You can spend weeks of your life reading terms and conditions,” he said.

“It might well be mentioned in there, but it’s not what you would think of as reasonable, for a human being in a third party company to be able to read your emails.”

Google’s response to the controversy

In response, Google Cloud’s Director of Security, Trust & Privacy Suzanne Frey has published a blog titled ‘Ensuring your security and privacy within Gmail’ after there was widespread concern about the practice.

The blog said users could visit the Security Checkup feature to review what permissions they had given to third party apps and revoke permissions where necessary.

It went on to say that Google reviewed app developers both manually and through an automated process to ensure any apps asking for access to Gmail messages was legitimate and had a thorough privacy policy in place. To meet Google’s requirements, third party apps must accurately represent themselves and only request access to data they specifically need for the operation of the app.

Frey’s post also stated Google has an ongoing commitment to maintaining the privacy of users’ data and emails.

“Transparency and control have always been core data privacy principles, and we’re constantly working to ensure these principles are reflected in our products,” she wrote.

While there is no suggestion of any wrongdoing on Google’s part, in the wake of the Cambridge Analytica scandal, tech companies have needed to be more vigilant in terms of protecting the security of users’ data.

In 2017, Google announced it would stop the practice of scanning emails in order to deliver more targeted advertising.

Frey wrote: “To be absolutely clear: no one at Google reads your Gmail, except in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.”