Third-party app developers can not only read the emails, they can see private details, including recipient addresses, time stamps, and entire messages.
This is despite assuring users to be “confident that Google will keep privacy, security paramount.” Gmail has nearly 1.4 billion users globally, more users than the next 25 largest email providers combined.
Google responded to the claim stating that they routinely check to see if the third-party developer is reputable and if the additional data makes sense for that company. An example would include an email app getting permission to access Gmail accounts. Gmail users are required to consent to this process. Google also denies access to other developers who have requested it. Additionally, Google employees will occasionally read Gmail messages from time to time, Tech Times reported.
In a letter sent to the lawmakers in July and made public on Thursday, Google said that developers may share your data with third parties for the purposes of ad-targeting, “so long as they are transparent with the users about how they are using the data.”
Google’s letter came in response to a request by Republican senators for information about the scope of the email content accessible to these third parties. In their letter to the company, the senators claim that one marketing company, Return Path Inc, read the private contents of 8,000 emails to train its AI algorithms.
Return Path told the Wall Street Journal at the time that, while it did not explicitly ask users whether it could read their emails, permission is given in their user agreements, which state that the company collects personal information including but “not limited to your name, email address, username and password.”
At least 379 apps available on the Apple and Android marketplaces can access users’ email data. In Google’s letter to Congress, the firm declined to say when, if ever, it has suspended an app for not complying with its rules.
Google itself has mined users’ emails since Gmail was launched in 2004, but announced last year that it would stop the practice, amid privacy concerns and a federal wiretapping lawsuit.
Now, privacy officials from Google, Apple and Amazon are preparing to travel to Capitol Hill next week, for a Commerce Committee hearing. There, the tech companies will be asked to “discuss possible approaches to safeguarding privacy more effectively.”
Everything you’ve ever searched for on any of your devices is recorded & stored by Google https://t.co/8KGgO0xT92
— RT (@RT_com) March 30, 2018
The hearing is another in a series of grillings faced by the tech industry since the Cambridge Analytica privacy scandal revealed in March that Facebook allowed a third party to collect personal information on millions of users. Google CEO Larry Page was invited to a Senate Intelligence Committee hearing on political bias, foreign interference and privacy on tech platforms earlier this month, but declined to show up, sending a written testimony instead.
Users who are concerned about their privacy can disable access for specific third-party apps by going to their permissions folder, clicking on an app, and clicking on “remove access.” It should be noted that if you want to use the app, you will need to grant them access.