Google Gives Third-Party Apps Access to Your Gmail Inbox

Last year, Google released a statement promising its users that the days of Google having access to your Gmail inbox are over. Despite that statement, user installed apps can still access your inbox and your data.

Google’s Latest Statement – Who Gets Access to Your Gmail Inbox

You may remember the Wall Street Journal reporting that “hundreds” of third-party developers can scan your Gmail inboxes. This prompted US Senate Republican to raise concerns to Google in a letter over their “potential misuse of personal data”,

“While we recognize that third party email apps need access to Gmail data to provide various services, and that users consent to much of this access, the full scope of the use of email content and the ease with which developer employees may be able to read personal emails are likely not well understood by most consumers.”

The letter also prompted Google to answer 5 specific questions to clear up the confusion around this privacy concern:

1. If Google requires these developers to follow any specific “privacy or data protection policies”. Google was also asked to describe these policies.
2. To describe how Google manually reviews the apps and the developers who request such access.
3. To describe how Google suspends apps that don’t comply with the above-mentioned policies. Google was also asked to send a list of the suspended apps detailing the circumstances for each suspension.
4. If Google gives access to Gmail users’ personal email to its employees. They also asked Google to explain how they ensure that “personal email content is not misused or shared more broadly”.
5. If Google knows about any instance where an app developer shared user data with a third party. Google was also asked to describe any instance that might have happened and the actions it took to recover the data.

Here is Google’s reply.

Despite what Google might have hoped, the reply doesn’t really scream “transparency”. All it does is confirm that apps and developers get access to your Gmail inbox.

and it’s technically your fault.

How to Protect your Gmail

Ok, I know I said it was your fault.

I did that because…well..it is. The apps that have access to your Gmail inbox are apps you specifically allowed to do so.

You know that pesky message you get when you first run an app? The one that says “This app wants access to your Google Account”? Yeah…that’s when you end up giving them access.

Now, while this message technically shows that Google did give you fair warning, the Senate’s letter is very much correct when it said that not every user knows what giving an app access means.

My little sister, for example, thinks that giving an app access just means that you can now use the app on your phone. One of my friends thought that the access was limited to when you are using the app yourself.  It’s safe to say that both were pretty freaked out when I explained what that access really means.

To keep your Gmail inbox and your data protected, make sure to:

1. Start reading privacy policies and Terms of Service pages carefully.
2. DO NOT give an app access to anything if you don’t trust its Privacy policy.
3. Take a more proactive stance in protecting your own data by being more informed about what services you’re using.
4. Consistently check your device’s privacy settings.
5. Consistently check your Gmail’s privacy settings.
6. Be vocal. If Google has verified an app that you don’t think should get access to your inbox, write to Google for an explanation. Or better yet, write a review about the app warning other users.

How to Protect All of Your Data

Despite doing all I mentioned above, you still won’t have total control over your security and your privacy. The thing is, a lot of the apps that have become vital to our daily use aren’t great when it comes to logging out data. Most of them even sell our data to third-parties.

For that reason, I suggest always using a VPN when you connect to the internet. A VPN will re-route your traffic and encrypt your data, making it very difficult for any data theft to happen. As long as you’re using a credible and trusted VPN, you don’t have to worry about your privacy while online. I am not saying that a VPN is the end-all to your security problems, but it’s a substantially better option than putting your faith in developers.

Look, the internet is not a private space. The more digital we get, the more valuable our data gets. To the best of my knowledge, I doubt there’s a way to make sure you’re 100% private while using the internet. However, there are ways where you can actively choose which data developers, apps, and ad companies get to access.

Long story short: You can’t afford to skip over ToS and Privacy policies anymore.