Third-party app developers can read millions of Gmail users’ emails, The Wall Street Journal reports. Access settings in Gmail allow data companies and third-party app developers to view user email.
In addition, they can also see other personal details, including the recipient’s address, timestamp, and all email messages. At the same time, each such application must receive user consent.
However, it is not known whether access is allowed for humans only or only computers to read email in the consent form.
As reported by The Verge, Google explains that they only provide data for checking third-party developers and with the actual consent from the user. The checking process includes whether the company’s identity is properly represented in the application.
Because in the privacy policy, it is stated that they will monitor the email and data requested by the company also in accordance with the company’s objectives. For example, the email application must get access to Gmail.
Several developers have applied to access Gmail but have not yet received permission. Google itself did not say how many developers did not get permission.
Digging Into The Problem
Seeing how risky the trouble is, users need a way to protect themselves from the cyberattack risks that could harm their personal data. They could use a VPN to be their essential protection. Users may have online freedom using PIA Chrome VPN or other reputable services. By having this VPN around, they can be more effectively protected.
The problem with Gmail privacy couldn’t be taken lightly. And it turns out that not only third-party developers but Google employees can also read emails but only in particular and very specific cases, which also requires the user’s permission. For example, for security purposes, such as investigating bugs or abuse.
What is clear is that there are many applications with this access, from Salesforce and Microsoft Office to lesser-known email applications. So if Gmail users ever see a request like the one below when entering a Gmail account into an application. Perhaps the user has also given the app permission to read the user’s email.
In a report, The Wall Street Journal said that other email services besides Gmail also provide similar access to third parties, so it’s probably not just Google that has this problem.
Some of these trusted companies include an email management company called Return Path and Edison Software, which have had the opportunity to access thousands of email accounts.
Both companies say they have human teams that can view hundreds to thousands of email messages to train the set algorithms to handle the data. Both mentioned that the company would monitor emails. However, they didn’t mention that human teams and not just machines had access.
How to Keep Your Account Safer
Start with Security Check. Google checking your account security is very easy: use your account’s built-in Security Check tool “Log in & security” page.
When you click the “Security Check” option, you’ll be thrown into a multi-part form that will ask you to review and confirm some information — this shouldn’t take long, but you’ll want to take some time to dig into the information, which you find here.
Set Recovery Phone and Email. This option is straightforward: confirm your recovery phone number and email address. If you’re logged out of your Google account, you’ll want to make sure that this is true. Also, you’ll receive an email on your recovery account whenever the primary account logs into a new location.
The following section is another important one: Account Permissions. It’s anything that has access to your Google Account — whatever you’re signed into with Gmail or permitted with your account.
This list will show the app or its device and what it has access to. If you don’t remember ever giving access to something (or no longer using the app/device in question), click the “delete” button to revoke the account access. If it’s an account you use and accidentally deleted, you’ll have to give it back access the next time you sign in.
If you’ve been using a reasonable amount of time online, you already know the talk: Use strong passwords. Your child’s name, birthday, or anything personal that can be easily guessed is not an example of a strong password — they’re the kind of passwords you use when you want your data stolen. The hard truth, we know, but it is.
We highly recommend using some password generator and manager to get as strong a password as possible — one that’s part of a password vault is even better.