The tech giant has been forced into action after a news report revealed many third party apps have the ability to read private messages sent in Gmail.
A report from The Wall Street Journal revealed that hundreds of app developers have access to hundreds of millions of Gmail inboxes thanks to privacy terms users unwittingly agreed to when signing up for third party apps.
As of April 2018, Gmail, which is developed by Google, has more than 1.4 billion users.
The report mentioned two apps, Return Path and Edison Software, which both let employees read user emails to help develop their programs.
The apparent privacy breach has been hiding in plain sight as both apps mentioned obtained consent from users and mentioned the practice in their user agreements. Google also asks Gmail users for specific permission for a third-party app to read and manage email.
BREAKING: Google responds to Gmail controversy, details how third parties are vetted before they can access your Gmail messages.https://t.co/V4Jk6mGTPK
— CNET (@CNET) July 4, 2018
However, users often skim over or don’t understand privacy permissions and are unaware that human workers instead of bots could be reading their mail.
Professor Alan Woodward of the University of Surrey’s Department of Computer Science said it was completely impractical for users to thoroughly read all the fine print of apps.
“You can spend weeks of your life reading terms and conditions,” he said.
“It might well be mentioned in there, but it’s not what you would think of as reasonable, for a human being in a third party company to be able to read your emails.”
If this is true, no matter what is buried in the terms & conditions, this is going to far IMHO https://t.co/zrSWfkOkbU
— Alan Woodward (@ProfWoodward) July 3, 2018
Google’s response to the controversy
In response, Google Cloud’s Director of Security, Trust & Privacy Suzanne Frey has published a blog titled ‘Ensuring your security and privacy within Gmail’ after there was widespread concern about the practice.
The blog said users could visit the Security Checkup feature to review what permissions they had given to third party apps and revoke permissions where necessary.
— The Verge (@verge) July 3, 2018
Frey’s post also stated Google has an ongoing commitment to maintaining the privacy of users’ data and emails.
“Transparency and control have always been core data privacy principles, and we’re constantly working to ensure these principles are reflected in our products,” she wrote.
While there is no suggestion of any wrongdoing on Google’s part, in the wake of the Cambridge Analytica scandal, tech companies have needed to be more vigilant in terms of protecting the security of users’ data.
In 2017, Google announced it would stop the practice of scanning emails in order to deliver more targeted advertising.
Frey wrote: “To be absolutely clear: no one at Google reads your Gmail, except in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.”