Google allows third-party app developers to read private emails of Gmail users

App developers have called it a common practice, but Google's consent agreement with users do not specify if data is accessed by humans or machines.

Even as Facebook struggles to recover from the massive data scandal that wiped off billions of dollars from its market cap, other tech giants aren’t breathing easy either. Fresh reports have now emerged that claim Google allowed third-party app developers to read and browse through the emails of millions of Gmail users.

Gmail’s access settings allow data companies and software developers to sneak into the inboxes, especially those who sign up for email-based services, and view details like recipient addresses, timestamps, and even entire messages.

The Wall Street Journal, which was the first to point this out, called it “tech’s dirty secret” that has been kept under wraps for a long time. “Google does little to police those developers, who train their computers - and, in some cases, employees - to read their users' emails,” it said.

Google, however, has denied privacy violations, stating data is provided to vetted third-party developers only and with the users’ explicit consent. Also, its own employees read emails only “in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.”

The third-party developers who have access to Gmail user data allegedly share them with marketers, hedge funds and other businesses. Considering Gmail has 1.4 billion users, that is a vast pool of private data that is out for sale.

Two third-party apps have come under particular scrutiny.

One is Return Path, an app that collects data for marketers from users’ inboxes. It is said to have accessed over 8,000 emails in the past two years to fine-tune its software.

The other is Edison Software, an email management app. It is said to have allowed its employees access to “thousands” of user emails to help develop the app’s Smart Reply feature.

Last year, Google had assured that it would stop scanning the inboxes of Gmail users for information that helps it offer personalised advertisements, announcements, shopping and travel deals etc. It said that it wanted users to “remain confident that Google will keep privacy and security paramount.” The search giant even rolled out new features for Android users that give them better control over privacy settings in their Gmail accounts.

However, Google’s process of seeking consent from Gmail users is not very clear. Nowhere does it mention that human employees, and not machines, are being allowed to pore over personal communication.

While several app developers have termed this a “common practice” where humans access user data to develop machine algorithms, Google is yet to ensure that user data will not be compromised in a Facebook-Cambridge Analytica manner.