Is Google reading your emails? No, but third-party apps might be.
As The Wall Street Journal reports, “hundreds of outside software developers scan the inboxes of millions of Gmail users” who have given permission for these apps to connect in return for things like price-comparison services and travel alerts. Much of this is handled by algorithms, but some messages go through human review in order to train software.
The Journal cites companies like Return Path, a marketing service that reviewed about 8,000 emails two years ago while working on its software; computers can handle about 100 million messages per day. Edison Software did the same for “hundreds of users” when building a new feature, the paper says.
In a blog post about the story, Google stressed that developers must provide clear guidance on how people’s data will be used.
“Before a non-Google app is able to access your data, we show a permissions screen that clearly shows the types of data the app can access and how it can use that data,” wrote Suzanne Frey, Director of Security, Trust, and Privacy for Google Cloud. “We strongly encourage you to review the permissions screen before granting access to any non-Google application.”
Are you connected to any data-sniffing apps? Frey urged Gmail users to peruse Google’s Security Checkup tool, which outlines any non-Google apps that have access to your data under “third-party access.” It “flags potentially risky apps so you can revoke any previously granted permissions that you are no longer comfortable with,” she wrote.
Or look at permissions within myaccount.google.com under “Apps with account access.”
The news is probably not super surprising for those who have long had Gmail. When Google’s service first debuted more than a decade ago, it made headlines for a message-scanning feature that was used to serve up targeted ads alongside emails. It faced a number of lawsuits over the years; Google stopped the Gmail scanning last year.
“To be absolutely clear: no one at Google reads your Gmail, except in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse,” Frey wrote today.
The report, however, comes shortly after Facebook faced a huge PR nightmare when a third party—the now-defunct Cambridge Analytica—got its hands on the data of up to 87 million Facebook users. In that case, a developer ran afoul of Facebook’s rules by providing Cambridge Analytica with the info, but as the Journal points out, “Google does little to police [its] developers” in regards to email scanning.