When linking an account to a third party, users are asked to certain access permissions, often including access to read, send, manage or even delete emails. Millions of people are believed to have installed Gmail apps.
One could say that users are responsible for granting access to their data. There are times when Google employees do read emails but it's with very specific cases where users give Gmail their consent or for security purposes like investigating a bug or abuse. But there's still this uneasy feeling that all these 3rd party apps can see things like recipient addresses, timestamps, and yes, entire messages. What is unclear is how closely these outside developers adhere to their own agreements and whether Google does anything to ensure they do. Gmail has almost 1.4 billion users globally - more users than the next 25 largest email providers combined.
"Overall there should be no surprises for Google users: hidden features, services, or actions that are inconsistent with the marketed objective of your application may lead Google to suspend [access]".
They include Return Path, a company that collects data for advertisers, and email organisation tool Edison Software. Users don't know, for example, that people - not just computers - can and do read emails.
"We make it possible for applications from other developers to integrate with Gmail - like email clients, trip planners and customer relationship management (CRM) systems - so that you have options around how you access and use your email", Suzanne Frey, the director of Security, Trust, & Privacy of Google Cloud, wrote.
Frey also reiterated the existing data controls users have at their disposal to examine the permissions they have given to third-party apps and take back the same authorization if necessary.
Google is only supposed to allow proper vetted third-party developers access to this treasure trove of information, and you can see the requirements here.
The newspaper spoke to a number of companies which claimed their employees had read people's emails, including software firm Edison Software and eDateSource Inc, which used the data to tweak its algorithms.
If you want to check if any developers have permission to read yours, you can go to Google's privacy checkup page.
With Gmail being a free email service, it makes sense that Google would need to find a way to make money, right?