Third-party developers may access emails on Gmail if users give them access to the data, that's the main takeaway from a new Wall Street Journal story (which I don't link to because paywall). Google does little to police those developers, who train their computers-and, in some cases, employees-to read their users' emails, a Wall Street Journal examination has found.
Mikael Berner, CEO of Edison Software, a Gmail developer that offers a mobile app for organizing email, told the Journal that emails from hundreds of Gmail users were read by employees as part of an effort to build a new feature.
If you're concerned about third-parties potentially reading your messages you can stop this by visiting Google's Security Check-up page. Gmail users who signed up for "email based services", "shopping price comparisons", and "automated travel-itinerary planners" are most at risk of having their private messages read, according to the Journal.
Google's developer agreement prohibits exposing a user's private data to anyone else "without explicit opt-in consent from that user".
Normally, computers scan and analyse over 100 million emails per day, but Google allows third-party software to electronically scan the inboxes of millions of Gmail users. This is in contrast with what Google promised past year, where it said that it would stop reading its users email messages, which might be true, but it has done very little to stop other partner organisations from doing so.
Google users may authorize companies to access account data.
Two third-party apps have come under particular scrutiny. While many of these companies in question utilise machines to go through users emails for keywords and phrases, some of them have it done manually by their employees. He says engineers at eDataSource occasionally reviewed emails when building and improving software algorithms.
Gmail has about 1.4 billion users while Microsoft and Oath, the group formed after Verizon bough Yahoo!, are the next two biggest email providers.
It said Facebook for years let outside developers have access but claimed the practice was stopped by 2015.
Google said only companies that had been vetted could access messages, and only if users had "explicitly granted permission to access email".