Tech's 'dirty secret': App developers are sifting through your Gmail

Software Developers are Scanning the Inboxes of Gmail Users

Before a non-Google app may access data, Google shows a permissions screen that displays the types of data the app can access and how it can use that data. Their privacy policies mention monitoring emails but they don't mention the human part. They check on the company's identity, its privacy policies, and that the data they are getting makes sense for the business that they are running. Some companies may request access to "read, send, delete, and manage your email" which gives them full access to emails on Gmail. But what you don't know is that sometimes, humans are doing the accessing and reading and not just the computers that we assume are the ones doing it.

Clients and services may require access; a third-party email client needs access to emails, and an add-on that runs directly on Gmail needs access as well.

If any apps give you the creeps about what kind of data it can pilfer from you, you can simply click on "Remove access" to banish it into the digital trash bin. "These applications gain access to users' contacts, information about the user of the phone as well as things like Global Positioning System location, so this needs to be taken very seriously".

The revelation comes at a bad time for Google and Gmail, the world's largest email service, with 1.4 billion users. It's said to have let workers read "thousands" of emails to help train its app's "smart reply" feature.

Edison said it has since stopped this practice. In other words: if you grant a company access to your email data, it may be that human employees read it.

Of course, while this seems like a sensible use of data, the users whose emails were used for the exercise arguably did not explicitly consent.

The WSJ cited a second case, that of another Gmail developer, Edison Software, that sells a mobile application for reading and organising email.

And this is really the crux of the issue.

Google says users can access the Secutiry Check-up page to see linked apps and change security settings if they would like to stop sharing data with certain apps. "We know nobody's feasibly going to read them", Hunt says.

Hunt says he hopes new regulations like Europe's General Data Protection Regulation (GDPR), which recquires companies to clearer in communicating what they do with data, will improve matters.

"[Terms and policies] are lawyer arse-covering exercises, and I don't think the fact that they're documented really makes much of a difference".