News

Google confirms third-party developers can read Gmail messages

Users may be oblivious to the level of access they allow when connecting third-party apps.
Users may be oblivious to the level of access they allow when connecting third-party apps. Users may be oblivious to the level of access they allow when connecting third-party apps.

Third-party app developers can read some users’ Gmail messages, Google has confirmed, following concerns over privacy.

Questions have been raised by reports in the US about the level of data that can be accessed and how aware people are that they are agreeing to share private emails.

In response, Google has reminded users that whenever someone adds an app to their account they must explicitly provide developers with permission to their data.

Permissions including “view your email messages when the add-on is running” must be agreed to before anyone can begin using the apps.

Gmail
Gmail Gmail (Google)

Google’s API services policy states that any third-party must provide “clear and accurate information explaining the types of data being requested”.

The policy also says there should be “no surprises for Google users” and warns that hidden features or services could lead to access being withdrawn.

“You are strictly prohibited from engaging in any activity that may deceive users or Google about your use of Google API Services,” the company wrote.

“Your use of Google user data must be limited to the practices explicitly disclosed in your published privacy policy, but you should consider the use of additional in-product notifications to ensure that users understand how your application will handle user data.”

Someone using a mobile phone
Someone using a mobile phone Third party sites can access data such as location or contacts (Chris Radburn/PA)

Google already operates a Security Checkup tool which shows users exactly what permission they are giving third-party developers and the ability to instantly remove any.

Cyber security expert Evgeny Chereshnev, from Biolink.Tech, said more awareness was needed around cyber security and privacy.

“This type of access is going to continue, and people need to be aware that every time they connect to, or install, a third-party application on their mobile device, they are giving rights to those applications – often without even thinking about it,” he said.

“These applications gain access to users’ contacts, information about the user of the phone, as well as things like GPS location, so this needs to be taken very seriously.”

Gmail, which first launched in 2004, is the most popular email service in the world with 1.4 billion users worldwide. Google add-ons launched on the service in October 2017.