Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Allows Outside App Developers To Read People's Gmails, Says Report (thisisinsider.com)

Posted by BeauHD on from the on-the-outside-looking-in dept.

According to The Wall Street Journal, hundreds of app developers have access to millions of inboxes belonging to Gmail users (Warning: source paywalled; alternative source). The developers reportedly receive access to messages from Gmail users who signed up for things like price-comparison services or automated travel-itinerary planners. Some of these companies train software to scan the email, while others enable their workers to pore over private messages. INSIDER reports: It's not news that Google and many top email providers enable outside developers to access users' inboxes. In most cases, the people who signed up for the price-comparison deals or other programs agreed to provide access to their inboxes as part of the opt-in process. In Google's case, outside developers must pass a vetting process, and as part of that, Google ensures they have an acceptable privacy agreement, The Journal reported, citing a Google representative.

What is unclear is how closely these outside developers adhere to their agreements and whether Google does anything to ensure they do, as well as whether Gmail users are fully aware that individual employees may be reading their emails, as opposed to an automated system, the report says. It's interesting to note that, judging from The Journal's story, very little indicates that Google is doing anything different from Microsoft or other top email providers. According to the newspaper, nothing in Microsoft or Yahoo's policy agreements explicitly allows people to read others' emails.

9 of 96 comments (clear)

  1. OMG by cesarbp · · Score: 2

    Oh my god, my private porn now is public?

  2. When will people learn by Rosco+P.+Coltrane · · Score: 5, Insightful

    Cloud = letting untrustworthy and/or incompetent companies manage your own data.

    Roll-your-own IT = hard (as in, really hard - I'm not talking managing 5 servers in a small company), but as good and/or competent as you/your organization is willing to be.

    The former looks like a good, cost-effective option until the company that manages your data screws your over or the internet goes down. The latter then starts to look like a better deal - but by then, it's too late.

    Now then, ask yourself: is Google competent? Probably. Trustworthy? Hell no...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
    1. Re:When will people learn by Aighearach · · Score: 4, Insightful

      The former looks like a good, cost-effective option until the company that manages your data screws your over or the internet goes down. The latter then starts to look like a better deal - but by then, it's too late.

      Or gets bought/merges and the people who own "your" data now don't screw you over at all; they just never made you any promises!

  3. No actual problem here by Anonymous Coward · · Score: 2

    Don't trust someone to read your email? Then don't give them access to your email.

    This is an opt-in process that is clearly disclosed when you sign up for whatever random app requests access to your email. Nothing sneaky or underhanded at all, at least not on the part of Google. Maybe it's foolish to grant access to these apps, but that's the user's decision. Frankly the fact that Google performs any sort of vetting at all is more than they need to do.

    The only thing that Google could stand to improve is the control and granularity of the permissions. Just as Android has been moving to a blurry, vague model for permissions where average users have no idea what they're actually permitting, it's no surprise that users of Google's web services are experiencing similar problems. If nothing else, reading mail, sending mail, and managing mail you've received should all be separate permissions.

    1. Re:No actual problem here by kqs · · Score: 2

      So? Do you think that when you send someone email, you can control what they do with it? That's impressively arrogant. If they have chosen to let someone else access their email, whether it is a personal assistant, or Google, or Bozo the Clown, you have no say unless you have some legal contract with them.

      As to the subject of TFA: It's always tough to parse through the WSJ's misinformation to find the truth, but in this case I _think_ they are saying "if some plugin asks for access to your email and you approve, then that plugin has access to your email. Also, you should have fear, uncertainty, and doubt about Google."

  4. trust by cascadingstylesheet · · Score: 4, Insightful

    Unfortunately, you pretty much have to trust somebody.

    Hosting your own email on your own server is not easy. It's not going to be the common way for all but a few odd geeks.

    The rest? Gotta trust somebody ... your ISP, or Gmail, or MS, or some guys in Switzerland who assure you that they are the safe option, or ...

  5. Read the article you linked to! by Anonymous Coward · · Score: 3, Funny

    Read the article you linked to. You consent to it when you agree to the terms of service:

    The search was legal because it fell within Microsoft's terms of service which state that the company can access information in accounts that are stored on its "Communication Services", which includes email, chat areas, forums, and other communication facilities.

    The terms of service add: "Microsoft reserves the right to review materials posted to the Communication Services and to remove any materials in its sole discretion."

    If you don't like the terms of service then don't use the service!

  6. FUD by farble1670 · · Score: 4, Insightful

    These people explicitly signed up for the service and granted it access. Look at the screen caps in the linked article:
    https://amp.thisisinsider.com/...

    It says right there "VIEW ... YOUR EMAIL IN GMAIL". If you were dumb enough to do this, and want to undo it, just go to your account settings and revoke that developers' access.

  7. OAUTH2 is not "Google" giving access by Alascom · · Score: 5, Informative

    Google is NOT giving anyone access to users email inboxes. Period. Full stop. End of story. Shame on Slashdot editors for ever allowing this submission.

    USERS are giving 3rd party sites access to their own email by clicking "accept" on OAUTH2 requests that explicitly tell the user in big bold letters that by clicking OK they will be giving a 3rd party access to "VIEW MANAGE AND DELETE YOUR EMAIL, COMPOSE AND SEND NEW EMAIL". This isn't misleading, subtle, or accidental access - it is gross incompetence on the part of the user.

    Read more here: https://en.wikipedia.org/wiki/...

    But fake news generates fake headlines and fake outrage which leads to higher click-thru rates and more ad impressions for the website.