Google has confirmed that private emails sent and received by Gmail users can sometimes be read by third-party app developers, not just machines.
Despite assuring users to “remain confident that Google will keep privacy and security paramount”, the search giant is still reportedly allowing third-party app developers scan through Gmail accounts, the Wall Street Journal has claimed.
Google “continues to let hundreds of outside software developers scan the inboxes of millions of Gmail users who signed up for email-based services offering shopping price comparisons, automated travel-itinerary planners or other tools,” the report said late Monday.
In a statement, a Google rep said that the practice involved only vetted companies and that users are willingly agreeing to it, as they submit their accounts to this when granting apps email access.
“The practice of automatic processing has caused some to speculate mistakenly that Google ‘reads’ your emails,” the blog post says. “To be absolutely clear: no one at Google reads your Gmail, except in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.”
In contrast, the WSJ‘s report claims that Google “does little to police these developers,” which in some cases actually have their employees read users’ emails. According to the report, employees of a company called Return Path read about 8,000 user emails two years ago in order to help train its software.
Developers use software called an application programming interface (API) to create and connect applications with Google’s services. Like Android phone applications, when a user signs up to a service or platform they will be shown a message that asks permission for access to a range of data.
“Don’t request access to information that you don’t need,” it warns developers using its API Services.
If you want to check if any developers have permission to read yours, you can go to Google’s privacy checkup page. If you’re logged in with your Google account, you’ll see a tab titled ‘Third-party access’. Here you can review which apps have access to what data, and revoke any you like.