Yesterday, The Wall Street Journal reported that Google still allows third-party developers to gain full access to users' Gmail messages a year after the search giant vowed to stop scanning their emails for personalization data. Following the report, Google has confirmed that third-party app developers are able to integrate with Gmail and access the private messages of its users.
Suzanne Frey, Director of Security, Trust, and Privacy for Google Cloud, said in a blog post that the goal of the third-party integration is to give users more options around how they use Gmail. Frey stressed that Google does this with a vetting process in place.
Before third-party developers can access private emails, they need to pass a review process comprised of multiple steps designed to both automatically and manually evaluate the developer, assess the app’s privacy policy - ensuring its legitimacy-, and test the app to verify its function. That means third-party apps must represent their identity accurately and request only the data relevant to their purpose.
Frey also reiterated the existing data controls users have at their disposal to examine the permissions they have given to third-party apps and take back the same authorization if necessary. It's worth noting that while Google's permission screen lets users view the types of data that can be accessed by apps, it doesn't allow them to choose which specific information is or isn't available to third-parties.
Google's statement comes amid escalating privacy concerns among users over how big tech companies are using their data. Frey maintained that although its automated data processing has cast a shadow over its privacy practices, "no one at Google reads your Gmail", save for specific instances which may warrant the scanning of emails for various purposes like investigating a bug or abuse.
45 Comments - Add comment