The concern came up with a story from The Wall Street Journalyesterday that detailed how common it is for third-party app developers to be able to read and analyze the contents of a user’s Gmail message.
The controversy stems from apps — such as third-party email clients and customer relationship management (CRM) software — that require access to Gmail accounts. Such integrations offer users a wide range of additional functionality, but with the Facebook and Cambridge Analytica data scandal pushing data-sharing into the public consciousness, it was only a matter of time before Google came under closer scrutiny.
Suzanne Frey, director of security, trust, and privacy at Google Cloud, has now indirectly addressed some of the findings in the WSJ report, and her response is interesting in terms of both what it says and what it doesn’t.
While this is not completely avoidable, but can be ensured to be with trusted sources if we could review the permissions screen before giving access to a non-Google app and using the company’s Security Checkup tool to check what devices have logged into your account, which third-party apps have access to your Gmail, and what permissions those apps have. Frey also says Google’s review process is designed to ensure companies and individuals do not misrepresent themselves and only request data relevant to the function they’re providing.
“The practice of automatic processing has caused some to speculate mistakenly that Google ‘reads’ your emails,” Frey writes. “To be absolutely clear: no one at Google reads your Gmail, except in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.”