Google has issued a detailed response after a report in the Wall Street Journal showed how third-party app developers were reading Gmail messages of users, sometimes without explicit permission. Google’s response, written in the form of a blog post, says no one at the company was reading users’ Gmail messages and that all third-party vendors are carefully vetted by the company.
The response reads, “We make it possible for applications from other developers to integrate with Gmail—like email clients, trip planners and customer relationship management (CRM) systems—so that you have options around how you access and use your email. We continuously work to vet developers and their apps that integrate with Gmail before we open them for general access, and we give both enterprise admins and individual consumers transparency and control over how their data is used.”
The post points out that the company does “automatic processing of emails,” in order to keep out spam and phishing mails from inboxes, which is a “standard practice across the industry.” This automatic processing also allows for intelligent features like Smart Reply, which has recently been rolled out to Gmail and has been of the Inbox app for sometime.
The reply claims that ‘automatic processing of emails’ does not mean that Google is reading a user’s emails. It also notes that ads shown in Gmail are “not based on the content of your emails.”
“No one at Google reads your Gmail, except in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.”
Google says that users can go to the Security Checkup in their settings to review permissions given to app developers, which would include these non-Google apps. The company says users have the power to revoke these permissions and that keeping a user’s “data secure” is the company’s “top priority.”
So why are third-party developers reading Gmail messages? Why is Google letting them read emails?
According to the report by the Wall Street Journal, which was published on Monday, third-party app developers are often allowed to sift through Gmail messages of users in their efforts to offer ‘better’ products and services. In some cases, these apps and companies were deploying machines to skim through emails, in other cases human employees of the companies were reading actual emails in order to help develop features. The report highlighted that this was in complete contrast of Google’s promise that it would stop reading emails of users.
The WSJ report highlighted two apps called Return Path and Edison Software. The first collects data for marketers by analysing emails. Edison Software read emails to help develop their ‘Smart Reply’ feature. Both companies have read thousands of emails, and according to the report, this appears to an open-secret in the world of technology.
Google says that apps must not misrepresent their identity in order to pass the company’s requirements. Also, apps should only request relevant data and be clear about their purpose. Google says apps that do not comply with these policies or misrepresent themselves are suspended. The post does not mention any apps which were taken down or suspended in the past for violating the terms and conditions.
It should be noted that when users given access to a non-Google app to their Google account, the company does list out the kind of permissions that the particular app is granted. Google says that users should review the permissions screen before granting access to such apps. Users can also go to myaccount.google.com under “Apps with account access,” and do a security check for the same.
The post adds, “We do not process email content to serve ads, and we are not compensated by developers for API access. Gmail’s primary business model is to sell our paid email service to organizations as a part of G Suite.” G Suite includes an array of Google services offered for enterprises, business, which includes Gmail, Google Docs, etc.