Google Allowed Developers to Read Messages Inside Gmail

About a year ago, Google, who had been mining users’ emails to serve relevant ads since 2004, announced that it stopped the practice. The move was meant to appease customer concerns about privacy.

But on Sunday, the Wall Street Journal reported that Google has been allowing hundreds of software developers access to the inboxes of its Gmail users. Google grants developers access into inboxes, provided that they are given permission by the users, for the purpose of creating apps that interact with Google services, such as adding events to their Google Calendars or sending messages from their Gmail accounts.

But some of those developers have created software that scan messages inside users’ Gmail accounts to profile them for marketing purposes. Even worse, in some cases, human employees were also able to read the messages.

For instance, employees at Return Path, a company that collects data for marketers, read about 8,000 unredacted emails to help train the company’s software, WSJ’s investigation revealed.

Similarly, employees at Edison Software, a company that develops an app for organizing email, read emails of hundreds of users while they were building a new feature.

Engineers at eDataSource Inc meanwhile reviewed emails to improve the company’s algorithms

We don’t know how Google controls this process. Though users are prompted to give permissions when linking their account to an external service – typically including the ability to read, send, delete and manage your email – it was generally assumed that computers did the scanning.

But none of those companies had asked users specifically whether they could read their emails but stated that the practice is covered by their user agreements. User agreements are rarely read by users – and you can’t blame them much as those agreements are typically exhaustively long and difficult to dissect.

If you are worried about your privacy, there is a way for you to see which 3rd parties have access to your inbox, what kind of access they have, and revoke access if you so choose.

  • Go to your Google Account homepage
  • Click on the ‘Sign-in & Security’ section
  • Click on ‘Apps with account access’

There you will be able to see which apps have permissions to access your account.