Third party app developers can read users’ messages on Gmail
July 4, 2018
Google has warned Gmail users to stay vigilant and to review privacy policies of third party apps before subscribing to such apps as they can read user messages in real time.
Following the publication of some reports that claimed Google reads Gmail messages of users, Google published a blog post recently in which it stated that it never reads users' emails except when a user authorises the company to do so or in cases where it needs to investigate a bug or abuse.
"We make it possible for applications from other developers to integrate with Gmail—like email clients, trip planners and customer relationship management (CRM) systems—so that you have options around how you access and use your email," Google said.
"Before a non-Google app is able to access your data, we show a permissions screen that clearly shows the types of data the app can access and how it can use that data. We strongly encourage you to review the permissions screen before granting access to any non-Google application," it added.
The company added that not only can a Gmail user view and control permissions within myaccount.google.com under “Apps with account access”, but can also take advantage of Security Checkup to view all non-Google apps that have access to data and to revoke previously-granted permissions to apps that are flagged as potentially risky.
"We do not process email content to serve ads, and we are not compensated by developers for API access. Gmail’s primary business model is to sell our paid email service to organizations as a part of G Suite. We do show ads in consumer Gmail, but those ads are not based on the content of your emails," it added.
Third-party access to emails an open secret
Commenting on the revelation that non-Google apps on Gmail can read users' emails, Evgeny Chereshnev, CEO and founder of Biolink.Tech, told TEISS that when a user connects through third-party email applications, the application has access to all content because, technically, your connection to the email application is via the mail server where all emails are stored. So, it’s true that all third-party email applications have access to your Gmail accounts, if you connected them.
"This type of access is going to going to continue, and people need to be aware that every time they connect to, or install, a third-party application on their mobile device, they are giving rights to those applications – often without even thinking about it. These applications gain access to users’ contacts, information about the user of the phone as well as things like GPS location, so this needs to be taken very seriously.
"Now that GDPR is in force, a lot of effort needs to be taken to create awareness around cybersecurity and privacy among the general population, not just security specialists," he added.
Jay Jay is a freelance technology writer for teiss. He has previously written news articles, device reviews and features for Mobile Choice UK website and magazine, as well as writing extensively for SC Magazine UK, Tech Radar, Indian Express, and Android Headlines.
Ring, the small doorbell-maker that Amazon acquired last year, gave several employees unrestricted access to videos recorded by customers and customer videos were not encrypted as that would entail loss …
Microsoft Defender Advanced Threat Protection’s kernel sensors recently discovered a security vulnerability in a device management driver in Huawei MateBook laptops that allowed local privilege escalation and allowed unauthorised parties …
In yet another example of how unsecured cloud databases are rendering personal data belonging to millions of people exposed to criminals, an unsecured cloud storage repository that contained sensitive information …