Personal Safety

Google in hot water over third party developers access to read emails – Tech News

Google in hot water over third party developers access to read emails – Tech News

Google has been forced to respond to claims regarding Gmail third party developers having access to read the emails of users.
Quote: Third-party app developers can read the emails of millions of Gmail users, a report from The Wall Street Journal highlighted today. Gmail’s access settings allows data companies and app developers to see people’s emails and view private details, including recipient addresses, time stamps, and entire messages. And while those apps do need to receive user consent, the consent form isn’t exactly clear that it would allow humans — and not just computers — to read your emails.
The Verge
Quote: Some of those “trusted” companies include email managing firms Return Path and Edison Software, which have had opportunities in the past to access thousands of email accounts. The
WSJ talked to both companies, which said they had human engineers view hundreds to thousands of email messages in order to train machine algorithms to handle the data. Both Return Path’s and Edison Software’s privacy policies mention that the companies will monitor emails. Still, they don’t mention that human engineers and not only machines have access.
The Verge
Quote: “A vibrant ecosystem of non-Google apps gives you choice and helps you get the most out of your email,”
reads the company’s blog post , written by Suzanne Frey, the director of the company’s Security, Trust, & Privacy division of Google Cloud. “However, before a published, non-Google app can access your Gmail messages, it goes through a multi-step review process that includes automated and manual review of the developer, assessment of the app’s privacy policy and homepage to ensure it is a legitimate app, and in-app testing to ensure the app works as it says it does.”
Frey offers a few tips to ensuring your data is in the hands of trusted sources. Those include reviewing the permissions screen before giving access to a non-Google app and using the company’s Security Checkup tool to check what devices have logged into your account, which third-party apps have access to your Gmail, and what permissions those apps have. She also says Google’s review process is designed to ensure companies and individuals do not misrepresent themselves and only request data relevant to the function they’re providing.
The Verge
Sources:
Original article from The Wall Street Journal: https://www.wsj.com/articles/techs-dirty-secret-the-app-developers-sifting-through-your-gmail-1530544442
The Verge Article – pre-Google blog: https://www.theverge.com/2018/7/2/17527972/gmail-app-developers-full-email-access
Google’s blog: https://www.blog.google/technology/safetysecurity/ensuring-your-security-and-privacy-within-gmail/
The Verge Article – post-Google blog: https://www.theverge.com/2018/7/3/17533108/google-gmail-privacy-read-email-messages-response
It looks like the fallout from Cambridge Analytica have hit Google has they are forced to clarify their position on data handling and access. It should also be noted that the user is prompted to grant an app the permissions the access/manage the email, it just appears that users aren’t taking into account exactly what this means. This isn’t going to be the last time that a company like Google, one that holds user’s personal/sensitive data, is highlighted in this way, but now there will be more scrutiny than ever.
This is something that I’ve come to expect, especially after using Gmail for so many years, so it hasn’t surprised me at all. However I can see how it might frustrate/anger others. I think a lot of people knew that Google scanned their emails for advertising targeting (despite that was stopped last year), but I don’t think they expected non-Google companies to also have practically unfiltered access to their emails.
Whilst Google claims they have good procedures in place to prevent unauthorised access or mistreatment, it would only take one rogue developer to slip through the net to cause some significant damage to Google.

Read More…