Earlier this week a report claimed third-party app developers could read messages in your Gmail account without your knowledge. Google now says that’s not true. Sort of.
Google published a blog post in response to the report saying it doesn’t read your email messages unless you grant explicit permission. Third-party apps can’t read your email, either, until they’ve gone through a multi-step screening process and get your consent.
Google’s Director, Security, Trust, & Privacy, Google Cloud Suzanne Frey said, “Gmail has world-class safety features, such as protections that allow us to prevent more than 99.9% of spam and phishing emails from reaching your inbox. In order to deliver these features, we conduct automatic processing of emails.”
She added that Google doesn’t process email messages to deliver ads. “The practice of automatic processing has caused some to speculate mistakenly that Google ‘reads’ your emails,” she said. “To be absolutely clear: no one at Google reads your Gmail, except in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.”
On third-party apps she says,
Before a published, non-Google app can access your Gmail messages, it goes through a multi-step review process that includes automated and manual review of the developer, assessment of the app’s privacy policy and homepage to ensure it is a legitimate app, and in-app testing to ensure the app works as it says it does.
In other words, third-party apps can read the messages in your Gmail account. The developers just need to get your consent first. That said, a developer could have consent to access the information in your Google account and read your email, but you may not realize you granted permission.
Consent may not, however, be much of a consolation for the people who had their email read by Return Path. The research company’s employees read some 8,000 uncensored email messages two years ago when they were working on automation software.
Luckily, you can control which apps can access your Google account. It’s probably worth checking out to make sure you really know what—or who—is reading your email.
Hey, Jeff:
I’ve got an idea. Wanna hear?
I think I’ll start a private snail mail delivery service. Yep.
And…I’m not going to charge people who sign up for it. Nope. No fees. Instead, for every individual who signs up for my service, I’m going to give their home and business addresses to every enterprise, corporation or nationstate front willing to pay for my clients’ mailing address, so that they can spam the bejesus out of my clients, which is good for my business, because I’m definitely going to charge those buggers. Oh, yeah! But my clients will never need to pay me a penny for delivering their mail. They’re going to love me, and they’ll be signing up in droves.
And…if ever I decide that I need to read any of my clients’ mail, for reasons of which I need only convince myself (afterall, there are no regulators looking over my shoulders since I’m a private sector concern even if soon to be publicly traded, and what private enterprise should suffer the regulators, eh?), then I’ll be reading their mail, you know, to improve my service and also to make sure that all spam is appropriately targeted. Don’t get me wrong; I will ask people to sign up to let me read their mail, but on occasion, I just may just have to pop open a letter or two thousand, just to make sure I’m doing a good job; know what I’m saying?
Are we good, or what?
In other words, Google don’t read their clients’ email…unless they do, meaning that consent is sub-optimally informed.
Glad we cleared that up.
The question is, if they decide that the need to read your email, and you’ve not ‘opted in’ for them to do so, do they, like US Customs inspectors, leave a little note in your bag (inbox) saying that they read said mail?
Why would they even ask?