The Wall Street Journal reports that software and application developers can access Gmail users’ accounts and read e-mail. The worst part is that this is a common case among many e-mail providers.
According to The Wall Street Journal, users who use holiday, travel, and shopping tools with Gmail accounts unwittingly accept certain usage terms and allow third-party developers to read their emails.
Google only allows approved apps to request email reading, and allowed apps can only use this data for targeted ads and referrals. But once you get permission, these companies are being followed closely by the curiosity and concern.
While Google has promised not to scan users ’emails before, according to Wall Street Journal’s article and sources, users’ emails are still “widely read”.
Representatives of some of the third party applications mentioned in the article said that strict rules were applied during the reading of personal data, and the article also underlines that there is currently no evidence pointing to any violations.
Regardless, it’s worrisome that our e-mail is being passed “in widespread fashion”. If you like, you can turn off settings like targeted ads from your Google account settings, but this may not be a stand-alone solution.
On the subject, we received the following remarks from Suzanne Frey, Managing Director of Google Cloud Security and Privacy, posted on the Google Official Blog on July 3, 2018:
“There are a variety of non-Google apps to give you the option to help you get the most out of your email, but before a published non-Google app can access your Gmail messages, it’s important to have the developer review it automatically and manually, and a multi-step review process that includes in-app tests performed to ensure that the page is working as specified by the application.
There are two basic requirements that non-Google apps must meet in order to pass our review process:
Identifying themselves correctly: Practices should not misrepresent their identities and should be clear about how they use your data. Practices can look like something and can not do anything else. The privacy statements should be clear and easily visible.
Requesting only relevant data: Applications should only be able to request (and not more) the data they need for their specified functions and be clear about how they use that data. We check to make sure that non-Google apps continue to adhere to our guidelines, and we will suspend the application anytime we find out they do not.
Additionally, when our users wish, they can go to the Google Security Control page to review all the applications they grant access along with other security settings, and remove permissions for the applications they request.
In organizations, G Suite administrators have the ability to control how users can access third-party applications by adding “Connected applications to the white list”. In this way, users can only be granted access to trusted applications that are examined by their organizations. “