Third-parties may read your Google Mail emails if you allow it
Third-party developers may access emails on Gmail if users give them access to the data, that's the main takeaway from a new Wall Street Journal story (which I don't link to because paywall).
Google users may authorize companies to access account data. Some companies may request access to "read, send, delete, and manage your email" which gives them full access to emails on Gmail.
Users need to give explicit consent to applications or services, and if that happens through a token-based system that Google uses for this kind of authorization, it does happen without users having to supply their username or password to these companies.
Clients and services may require access; a third-party email client needs access to emails, and an add-on that runs directly on Gmail needs access as well.
One could say that users are responsible for granting access to their data. Google told The Verge, which reported on the story of the Wall Street Journal, that all companies are vetted before they are allowed to request user data.
The other side of the medal is that developers sometimes request permissions that they don't need explicitly and that it is often difficult for users to determine whether the request makes sense. There is also no option to deny certain access, it is always an all or nothing type of situation.
The biggest takeaway, however, is that access is not restricted to computers accessing the data but that human employees may and do read emails as well. Google itself is very strict about giving employees access to emails and limits it to situations where a security issue or bug requires it, or when users give Google explicit permission to do so according to the Wall Street Journal.
Google's system allows or disallows access to the email data only; the company makes no distinction between algorithms that read emails, for instance to provide functionality, and humans who read it. In other words: if you grant a company access to your email data, it may be that human employees read it.
Some Gmail users may be shocked when they realize that humans may have read their emails on Gmail. Companies may reveal additional details about how data is processed but most users don't read privacy policies, terms of service, and other legal documents prior to allowing access to their data or installing applications.
What users may want to do
The very first thing that you may want to do is open the Permissions page for your Google Account to make sure that only legitimate applications and services have access to it. We suggested the very same thing last year after a big Google Docs phishing scam hit Google users.
You may need to research each individual program or service to make an educated decision. If you use the email client Thunderbird for example, you may see it listed as a third-party app with account access.
You can remove access for any service or application listed on the page and should do so for any that you don't use.
Now You: Do you permit third-party apps access to important data?
Now Read: Google Account features you need to know about
…but Thunderbird is still considered an too unsafe third party software to access your Gmail account. F U Google!
I don’t understand this comment. I use Thunderbird to access my work GMail account without any problems.
Yes, you can but you have to “allow unsecure programs” in your Google Account and a warning comes up. This might scare some people so they stay with the Gmail App. That’s a dirty tactic by Google.
I don’t have to now, used to have to do that.
Thanks for a rational and non-baiting article on the matter, and reporting the facts!
I’ve already raged against other “fake new” sites misreporting (on purpose?) the WSJ article, which only serves to inflame a sensitive issue.
It’s worth noting that a clear negative bias from WSJ can be observed by even just a cursory search of their articles on any Google related subject, something other sites have ignored as if WSJ is a presumed Tech authority.
That aside the real issue is that yet again, people are allowing access to their data (email) without understanding the consequences and intrusion into their privacy.
My own experience, as a Tech professional, has consistently shown that Google itself is very good about data (including email) privacy. In my capacity I’ve had many many interactions with Google Support while working on my company issues, and Google has asked EVERY time for permission to access ANYTHING in our accounts.
meanwhile the w10 dorks are reading about how to “secure” their system from m$, including convoluted mixes of host file entries, black box programs and more. it’s like plugging holes in the titanic with your fingers.
Speaking of “dorks”, I’m pretty sure that disparaging MS OS users doesn’t make you superior to the peasants.
I have no idea what you’re getting at, your diatribe ended mid “thought” but the Titanic sunk because of one gigantic hole.
Within Google Mail account, there are, and have been settings to stop this from happening. My guess is, mobile phone apps are the root cause needing to access email etc.. in order to work. Most will use the app, discard and forget it then realize later that they forgot to revoke permissions in the Google Mail Account.
Yes, email privacy is an issue we all need to be aware of but it also needs to be noted that the Wall Street Journal, along with Fox News, is owned by Rupert Murdoch. He’s never been shy about his hate and disdain for Google, the issue being for those who actually do rely on WSJ for any tech-related coverage, they should at least take Murdoch’s prejudices into consideration.
his kids run it, he has very little to do with it now.
why I run my own mail servers.
@Really said on July 3, 2018 at 11:40 pm
>Speaking of â€œdorksâ€, Iâ€™m pretty sure that disparaging MS OS users doesnâ€™t make you superior to the peasants.
“If you can’t get the message, get the man.” – Mel Gibson
Machines reading your emails is already an unacceptable privacy violation by Google, that shouldn’t even be legal. And a violation of human rights. Once you’ve surrendered that, there’s little reason left to be shocked because some people read them directly too.
Well it’s time to encrypt your email, people.
You may wanna take a look at this:
It has yet fully mature now, but hopefully soon.
“Developers” and “apps” are euphemisms for selling data. Honesty, how many apps aren’t replicates of 100 almost identical ones? “Developer” can be anyone, a guy in a wet photography lab, maybe. Or hair dye. Works mean nothing online.
Block ALL this stuff; go online and find what you want, download, pay if needed or donate and get good apps! Google Store is almost completely garbage!
I just stripped a new android phone for one of the kids; which I can do easily but it took a deep dive just to sign out of my freaking gmail account! I had to sign in to get to the store to download ff focus before disabling chrome. Google’s crawling up your leg at every opportunity.