Gmail: third-party developers may still be reading your messages
- Updated at March 18, 2021
- By Gatefy
- Blog, Security News
Email security and privacy issues continue to generate discussion and concern. As Naked Security disclosed, third-party developers may still be reading your Gmail messages.
After the Wall Street Journal reported, in July, on how Google is allowing app developers to access messages from Gmail users, Senators John Thune, Roger Wicker, and Jerry Moran required an explanation from Google CEO Larry Page.
They wanted to know how Google deals with this situation. Their concern was about the potential misuse of sensitive and personal data. So, they have asked five questions to Google.
Table of Contents
Five questions about Gmail data security
Here are the five questions the Senators asked Google.
1) Does Google require developers of apps requesting access to Gmail data to conform to any privacy or data protection policies? If so, please describe these policies.
2) In a recent blog post, a Google representative stated that Google manually reviews developers and apps requesting access to Gmail data to ensure that the developers and apps accurately represent themselves and only request relevant data. Please describe this process in detail.
3) That blog post also stated that Google reviews apps’ compliance with Google’s policies and suspends them if they fall out of compliance. Please describe this process in detail. In addition, provide a list of all instances in which Google has suspended an app in this way, with an explanation of the circumstances for each.
4) Does Google allow its own employees to access the content of Gmail users’ personal emails? If so, what safeguards does Google have in place to ensure that personal email content is not misused or shared more broadly?
5) Is Google aware of any instance of an app developer sharing Gmail user data with a third party for any purpose? If so, describe any such instance and the parties involved, as well as any action Google has taken to recover such data.
Google's response
Google’s answer was given by vice president of public policy and government affairs for Google’s Americas operation Susan Molinari.
“Developers may share data with third parties so long as they are transparent with the users about how they are using the data”, Molinari said.
Google uses two arguments in its favor. The first is that app developers must agree to the company’s privacy policy and they have to go through a verification process. The second is that users also need to agree with a privacy policy that allows access to their messages.
Yahoo and AOL case
This case is very similar to the news we posted recently: Yahoo and AOL scan emails to sell valuable data.
The questions remain the same: how far should privacy policies go? And how companies should treat their users’ personal information?