Earlier in the week, a report credited to The Wall Street Journal attributed a security gafe in Gmail whereby third-party app developers could scan hundreds of millions of emails of users who sign up for their email-based services.

According to the report, developers behind third-party app that work with Google's Gmail services for things like helping you find a good shopping deal or manage travel are able to read private emails and also have their employees read them too.

Google, however clarified their stance in a post on Tuesday, while acknowledging that they make it possible for applications from other developers to integrate with Gmail - like email clients, trip planners and customer relationship management (CRM) systems, so that users would have options around how they access and use their email.

But that they continuously vet developers and their apps before they open them for general access, and do give both enterprise admins and individual consumers transparency and control over how their data is accessed.

The company maintains that non-Google apps ecosystem avail users more choices and help them get the most out of their email experience.

And before a published, non-Google app can access users messages, it must go through a multi-step review process that includes automated and manual review of the developer, assessment of the app’s privacy policy and homepage to ensure it is a legitimate app, and in-app testing to ensure the app works as it says it does.

Google will also show a permissions screen that clearly shows the types of data that the app can access and how it can use that data to the concerned user.

G Suite admins can control the scope of data members of an organization are able to grant non-Google apps access to by whitelisting connected OAuth apps, which ensures that G Suite users can give access only to non-Google OAuth apps that have been vetted and are trusted by their organization.

The company assures users that no one at Google reads their Gmail, except in very specific cases where you ask them to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.

If you're concerned about your messages privacy, you should visit the Security Checkup to review what permissions you have granted to non-Google apps, and revoke those that you find rather untrustworthy.

Google clears the air about the Gmail messages privacy controversy



Earlier in the week, a report credited to The Wall Street Journal attributed a security gafe in Gmail whereby third-party app developers could scan hundreds of millions of emails of users who sign up for their email-based services.

According to the report, developers behind third-party app that work with Google's Gmail services for things like helping you find a good shopping deal or manage travel are able to read private emails and also have their employees read them too.

Google, however clarified their stance in a post on Tuesday, while acknowledging that they make it possible for applications from other developers to integrate with Gmail - like email clients, trip planners and customer relationship management (CRM) systems, so that users would have options around how they access and use their email.

But that they continuously vet developers and their apps before they open them for general access, and do give both enterprise admins and individual consumers transparency and control over how their data is accessed.

The company maintains that non-Google apps ecosystem avail users more choices and help them get the most out of their email experience.

And before a published, non-Google app can access users messages, it must go through a multi-step review process that includes automated and manual review of the developer, assessment of the app’s privacy policy and homepage to ensure it is a legitimate app, and in-app testing to ensure the app works as it says it does.

Google will also show a permissions screen that clearly shows the types of data that the app can access and how it can use that data to the concerned user.

G Suite admins can control the scope of data members of an organization are able to grant non-Google apps access to by whitelisting connected OAuth apps, which ensures that G Suite users can give access only to non-Google OAuth apps that have been vetted and are trusted by their organization.

The company assures users that no one at Google reads their Gmail, except in very specific cases where you ask them to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.

If you're concerned about your messages privacy, you should visit the Security Checkup to review what permissions you have granted to non-Google apps, and revoke those that you find rather untrustworthy.

No comments