Google’s Facebook Problem: Pixel Maker Allows Outside Developers to Read Your Emails

Author Photo
Jul 2, 2018
11Shares
Submit

App developers can sift through the emails of millions of Gmail users, The Wall Street Journal reports. This practice has been known in the industry for a long time, but Google had promised last year that it would stop its computers from scanning the messages of Gmail users to personalize advertisements.

While that may be true, the tech giant continues to give access to “hundreds of outside software developers scan the inboxes of millions of Gmail users who signed up for email-based services offering shopping price comparisons, automated travel-itinerary planners or other tools,” WSJ reports.

elon-musk-7Related Nope, Elon Musk Isn’t Giving Away Bitcoins on Twitter – Crypto Con Made Scammers $180K in a Day

This access enables these third parties to view Gmail users’ emails, recipient addresses, timestamps, and the entire content of those messages. Google suggests that all of this happens “with” user consent, however, it may be another case of tricking users into giving consent without properly informing them about it first.

Google may not be going through your Gmail inboxes anymore, but it’s certainly letting others do it

Similar to other tech giants, Google has also allowed developers to have access to user accounts as long as users gave their permission. However, this practice has raised several concerns specifically because companies often confuse users with legalese, tricking them into agreeing with everything.

In this particular case, if a Gmail user is trying to take advantage of a price comparison or travel itinerary planning services, the app’s service agreement also enables it to view users’ emails. The Journal reported that this has actually become a “common practice” for marketing companies. It isn’t clear how carefully Google is monitoring such access and what measures it has taken to avoid the Cambridge Analytica-like data misuse cases.

intel-securityRelated [Update: Intel Responds] Yet Another Side-Channel Vulnerability Discovered – Verified on Skylake and Kaby Lake

While enabling companies to use algorithms or computers to better target you is no less a problem, there is also a concern of a real person having access to your inbox and the potential to misuse such access to your private life. The Journal reported (emphasis is ours):

One of those companies is Return Path Inc., which collects data for marketers by scanning the inboxes of more than two million people who have signed up for one of the free apps in Return Path’s partner network using a Gmail, Microsoft Corp. or Yahoo email address. Computers normally do the scanning, analyzing about 100 million emails a day. At one point about two years ago, Return Path employees read about 8,000 unredacted emails to help train the company’s software, people familiar with the episode say.

Letting employees read user emails has become “common practice” for companies that collect this type of data, says Thede Loder, the former chief technology officer at eDataSource Inc., a rival to Return Path. He says engineers at eDataSource occasionally reviewed emails when building and improving software algorithms.

Google says it has stopped scanning Gmail contents for advertising dollars, but the possibility of random companies that can potentially set up some app to get this access is troubling. It is even more concerning after Facebook’s Cambridge Analytica scandal since it revealed how a random researcher or a political consultancy can use this access for nefarious purposes.

Google in its response assures that the company vets all these developers who get access to this service. “If we ever run into areas where disclosures and practices are unclear, Google takes quick action with the developer,” Google promises. In the aftermath of Facebook’s ongoing saga of data disasters, Google’s confidence in outside developers could spell doom for the company.

– You can head over to your account settings (link) to check if you ever fell for these apps that most of us use one time and then forget to remove them from our online lives.

Source: WSJ (Paywall)

Submit