Google Still Lets Third-Party Devs Scan Your Email

(Image credit: Sundry Photography / Shutterstock.com)

Many sitcoms use pre-recorded laugh tracks, and even the ones that don't let the audience know exactly when they're supposed to chuckle. A similar thing happens when it comes to privacy scares. Some problem is revealed, usually regarding a big tech company, and people are expected to freak out. The latest cue to act surprised: Google told U.S. lawmakers that it lets third-party devs scan and share email via Gmail.

That's supposed to seem like some kind of revelation. Pretending that it is, though, is more like following someone else's prompt than genuinely responding to what The Wall Street Journal read in a letter Google sent to senators questioning the privacy protections afforded to Gmail users. The reality is that we've always known third-party apps could read messages in Gmail because they simply wouldn't exist without that capability.

How else is a third-party app made specifically for Gmail supposed to function? People use these products because they want to be able to handle their inboxes better, extract information from the far-too-many emails they receive each day, or do something else that Gmail doesn't. Being upset that Google lets developers access this data is like someone in a high-rise being mad at their doorman for letting UPS into the building.

There is one key difference: the WSJ reported in July that some of these developers were having their employees read some emails themselves so they could train AI. Developers can also share information with outside companies, meaning information gleaned via email scanning could be used to inform advertisements, for example. A lot of Gmail users probably didn't realize the contents of their emails could be used in that way.

But that comes down to a matter of technical literacy. Many companies offer free services that are monetized by advertisements. Marketers want to make sure their ads reach the right people, so they require access to increasing amounts of data from the companies they do business with. Using these free services, then, often requires people to give up their privacy in exchange for not having to pay for a product themselves.

The WSJ's report also indicated that Google isn't simply letting developers access information willy-nilly. The company reportedly said in its letter that "developers may share data with third parties so long as they are transparent with the users about how they are using the data" and that it requires privacy policies for these third-party apps to be "easily accessible to users to review before deciding whether to grant access.”

A similar rule applies to how Google handles Gmail itself. The company stopped collecting information for the purposes of ad targeting from Education users in 2014, and did the same for all Gmail users in 2017. But note the phrase "for the purposes of ad targeting." The company still uses its access to Gmail users' messages to introduce new features like Smart Replies and the inbox that automatically categorizes messages.

There are plenty of things worth criticizing Google--and other large tech companies--regarding their handling of user privacy. The company's ability to read "confidential" messages, its decision to stop working on end-to-end encryption in Gmail and efforts to gather more information are all worrisome. Letting third-party apps function, both technically and financially, is now part of the status quo.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • vapour
    WTH, anyone knows which email company has best privacy protection?
    Reply
  • velocityg4
    "developers may share data with third parties so long as they are transparent with the users about how they are using the data" and that it requires privacy policies for these third-party apps to be "easily accessible to users to review before deciding whether to grant access.”

    Transparent, as in one sentence buried in page 92 of the developers EULA.:sarcastic:

    21338933 said:
    WTH, anyone knows which email company has best privacy protection?

    Given their stance on privacy. My guess would be Apple with iCloud. At least as far as multinational conglomerates with free e-mail are concerned.

    Otherwise it's going to be a paid e-mail host. As I recall using the online chat when setting up a domain with hostgator. I asked about them scanning through anything. The swore up and down that they don't look at anything in their customers accounts and that they specifically say so in their privacy policy. Although I didn't bother with reading that. My concern had more to do with domain ownership privacy.

    I'd assume the same would be true for any Exchange host.

    You could always host your own e-mail. Domain registration is cheap. Then some DNS service if you don't have a static IP. Although any e-mail you send to others will be read if it isn't encrypted.
    Reply
  • Fait
    Protonmail is your best option for privacy. May not be perfect but its the best you can get.
    Reply
  • popatim
    Just goes to further prove that anything you store on the net isn't really secure unless you encrypt it. And even then, with googles server/gpu farms, I'm sure they could break it in 10 minutes, if not faster.
    Reply
  • phobicsq
    Well any mail can be opened, police can search your stuff most of the time, and we're all being put under surveillance so email being probed isn't that surprising.
    Reply