Facebook has been in the headlines for playing fast and loose with your privacy, but a new report from the Wall Street Journal suggests Google isn't always safeguarding your personal information, either. Gmail has always had some questionable privacy problems: the company has fielded several lawsuits over its practice of scanning email and serving up ads based on what it found. Google stopped scanning your inbox last year, but that doesn't mean other companies have. In fact, third-party companies may have more access to your inbox than Google ever did.
The problem — as with Facebook — comes when you give apps access to your account in order to use their services. In the case of Facebook, this often meant innocuous-looking quizzes and games, but Gmail apps are often useful tools that just happen to gain access to your inbox when you sign up.
Earny is a prime example. It's an app that monitors your mailbox for receipts and then hunts for lower prices on those items. When it finds one, the app will attempt to get a refund for the difference and pass the cash back to you. Saving money is something everyone wants to do, which makes signing up for Earny incredibly appealing. But for Earny to do its work, it needs access to read your email. Its privacy policy (if you read it) is pretty clear on this point: "By using the Services, you provide us with access to your email account(s) and the content of your emails." But if you keep reading, you find out that Earny can also share this information with third parties, who have their own privacy policies you'll have to read if you want to understand what you're really signing up for.
One of Earny's partners is a company called Return Path, which scans mailboxes to collect data for marketers. And to do this, Return Path — and similar companies — may have more than software scanning your mailbox. In fact, Google's policy doesn't have anything to prevent these developers reading your email themselves. Return Path employees personally reviewed 8,000 messages in order to help train its software.
And these aren't the only companies with unrestricted access to your email — many useful apps that access your mailbox to help you out may be using your personal information for other purposes.
Google stresses that you have complete control over your personal information (another line we've heard from Facebook). The company reviews every developer making apps for Gmail, ensuring the companies and apps are legitimate. But that doesn't mean these apps don't have broad access to your email. Even though you have to give the apps permission before they can get into your mailbox, when you clicked "accept," you probably didn't realize you were signing up to have marketing AIs — and actual humans — to rifle through your mailbox.
Technically, you were told exactly what was happening… as long as you sorted through pages of legalese that make up each app's privacy policy, and the privacy policies of its partners. But how many of us actually read (or fully understand) them? Probably not many.
If you're concerned about the security of your Gmail account, start with Google's Security Checkup, which will highlight any potential security concerns. Clicking on "Third-party access" will list apps with access to your account, and suggest disabling apps you haven't used recently — particularly those that don't support secure two-factor authentication. It also lists apps with low-risk access to your account, explaining that "it's safe to keep giving these apps or services access if you trust and use them. They have low-risk account access or Google verified their developers' information."
But while these app developers have been vetted by Google, they may still have full access to your mailbox. As long as you've given them permission to read your emails, that's fine with Google.
To protect your privacy, we recommend reviewing all of the apps that have access to your account, as well as the services you sign on to with your Google account. Google lists everything using your account, and you can click on any app to see exactly what it has access to. If there's anything you don't use — or anything that has access to more information than you'd like — just click "Remove Access" to get rid of it.
And in the future, you may want to be careful about which apps you give account access to.
[Image credit: accessing Gmail on a phone via BigStockPhoto, Google]
From Sandy on July 06, 2018 :: 12:39 pm
I haven’t thought of this till now and I just removed 30 such apps. Thanks for the information. Now I’m more aware!
Reply