View Single Post
  #1 (permalink)  
Old 07-09-2018, 06:55 AM
mr wonder's Avatar
mr wonder mr wonder is offline
PW Enlightenment
Join Date: Mar 2011
Location: Virginia
Gender: Male
Posts: 11,316
Thanks: 9,944
Thanked 6,119 Times in 4,154 Posts
Default Gmail app developers have been reading your emails

"Gmail app developers have been reading your emails
It’s a common practice that’s gone largely unnoticed"

"Third-party app developers can read the emails of millions of Gmail users, a report from The Wall Street Journal highlighted today. Gmail’s access settings allows data companies and app developers to see people’s emails and view private details, including recipient addresses, time stamps, and entire messages. And while those apps do need to receive user consent, the consent form isn’t exactly clear that it would allow humans — and not just computers — to read your emails.

Google told The Verge that it only gives data to vetted third-party developers and with users’ explicit consent. The vetting process involves checking whether a company’s identity is correctly represented by its app, its privacy policy states that it will monitor emails, and the data that the company is requesting makes sense for what the company does. An email app, for instance, should get access to Gmail. Some developers have applied for access to Gmail but have not been granted permission, although the company won’t say how many.

Google employees may also read emails but only in “very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse,” the company stated to the WSJ.

Still, it’s clear that there are a lot of apps with this access, from Salesforce and Microsoft Office to lesser known email apps. If you’ve ever seen a request like the one below when entering your Gmail account into an app, it’s possible you’ve given the app permission to read your emails. And as WSJ reports, other email services besides Gmail provide third-party apps similar access, so it isn’t just Google that may have these issues.

Some of those “trusted” companies include email managing firms Return Path and Edison Software, which have had opportunities in the past to access thousands of email accounts. The WSJ talked to both companies, which said they had human engineers view hundreds to thousands of email messages in order to train machine algorithms to handle the data. Both Return Path’s and Edison Software’s privacy policies mention that the companies will monitor emails. Still, they don’t mention that human engineers and not only machines have access.

Edison Software responded in a statement to The Verge, “We have since stopped this practice and expunged all such data in order to stay consistent with our company’s commitment to achieving the highest standards possible for ensuring privacy.”

The situation is reminiscent of the conditions that led to Facebook’s Cambridge Analytica data sharing fiasco: something that was common practice for years — letting third-party apps access Facebook data — was eventually abused and fell under government and public scrutiny once it became well known.

While there’s no evidence that third-party Gmail add-on developers have misused data, just being able to view and read private emails seems like crossing a privacy boundary. And it’s not clear how secure this system really is; last year, Google users fell victim to a phishing attack that disguised itself as a permissions request from Google Docs to gain access to user contacts using the same authorization system. While Google says it’s made a bunch of improvements since then, the attack highlighted the vulnerabilities of Google’s permissions system....."

and the beat goes on....
Hope is the dream of the waking man.

For there is hope of a tree, if it be cut down, that it will sprout again, and that the tender branch thereof will not cease.
Job 14:6-8
Reply With Quote