Google may not read your Gmail messages, but third-party apps do

Last year, Google stopped scanning your Gmail inbox in order to target personalized ads at you, but plenty of third-party apps are still able to access the content of your emails.

In some cases, developers of certain apps – for example trip planners – can be directly integrated with Gmail and granted access to utilize user data for their benefit (emails which show when you’re going away, for example, in this mentioned case).

Google has stated that it’s fine with this, as detailed in a letter by Susan Molinari (spotted by CNN Money), who is VP of public policy and government affairs at the company. And what’s more, the firm is okay with that data being further shared with others, with one proviso – Molinari wrote a letter to Senators stating that: “Developers may share data with third parties so long as they are transparent with the users about how they are using the data.”

In a blog post defending how the user’s security and privacy are ensured within Gmail, Google said that any app produced by a third-party goes through an extensive review process before it’s allowed access to Gmail messages.

That includes both an automated and manual review of the developer of the software, along with scrutinizing the privacy policy relating to the app (and undertaking an assessment of the app’s legitimacy). The software is also tested to make sure that it actually does what it claims to do.

Google further notes: “Apps should ask only for the data they need for their specific function – nothing more – and be clear about how they are using it.”

Watchful eye

The firm says it ensures non-Google apps continue to meet the stipulations it has laid out for third-party software, and it can identify apps which are falling foul of these policies, and suspend them. That suspension happens before any user data has been accessed in the ‘majority’ of situations, apparently.

Furthermore, Google also reminds us that before a third-party app is allowed access to your data, there’s a permissions screen which shows what type of data will be accessed, and how it will be used – and that users should thoroughly evaluate these permissions before they install a non-Google app.

Google has mustered a fairly comprehensive defense then, but the fact that it has felt the need to do so is somewhat telling. It’s certainly true that giving third-party software access to your messages can enable some useful functionality.

The main worry, though, is how all this sounds very open-ended when it comes to app developers being able to pass on user data to other third-parties, as long as they are ‘transparent’. And of course, speaking of the latter, the way in which this matter has emerged leaves a lot to be desired in terms of transparency from Google itself…

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).