Google says it vets developers after reports of developers reading email messages

Google says it does not read your Gmail and vets third-party developers against such practice.

  • Published: July 4, 2018 3:16 PM IST

Google has published a new blog post that addresses the concerns around third-party app developers reading Gmail messages. A story from the Wall Street Journal yesterday detailed how third-party app developers were able to read Gmail messages and analyze the contents of a user’s message.

The Journal reported that Return Path and Edison Software, two third-party app developers building services with support for Gmail, allowed their employees to read user messages. The report brings into focus an industry-wide practice where data privacy seems to be abused in the name of improving the service. Return Path and Edison Software claimed that they take consent from the user before reading their messages.

Now, Google is outlining measures that a user and business organization using G Suite can do to protect their privacy and security. The blog does not share any specific insights into the industry practice but Google is reiterating that it has a process in place for vetting those third-party apps and services that seek access to sensitive Gmail user data.

“A vibrant ecosystem of non-Google apps gives you choice and helps you get the most out of your email,” writes Suzanne Frey, the director of the company’s Security, Trust, & Privacy division of Google Cloud in the blog post. “However, before a published, non-Google app can access your Gmail messages, it goes through a multi-step review process that includes automated and manual review of the developer, assessment of the app’s privacy policy and homepage to ensure it is a legitimate app, and in-app testing to ensure the app works as it says it does.”

The blog also offers few tips to ensure you data does not fall in the hands of not trustworthy sources. Frey recommends reviewing the permissions screen before giving access to a non-Google app and using Google’s security checkup tool to check what devices have logged into your account and which third-party apps have access to your Gmail account.

Watch: Apple iOS 12 Features

It is important to note that WSJ did not find any wrongdoing by these third-party app developers and Edison Software has since changed its practice. However, it raises concerns about whether these services can be trusted especially in the wake of Cambridge Analytica scandal where Facebook user data was harvested without consent.

Google announced that it would stop scanning the contents of Gmail users’ messages for offering insights to marketers last year. Frey notes that ads in the consumer version of Gmail is no longer targeted based on the contents of email. “To be absolutely clear: no one at Google reads your Gmail, except in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.”

  • Published Date: July 4, 2018 3:16 PM IST