Gmail App Developers Can Read the Emails of Millions of Users

As reported by The Wall Street Journal, third-party app developers can read the emails of millions of Gmail users. Due to the access settings in Gmail, the popular email app allows data companies and app developers to see a wide range of private details, including recipient addresses, timestamps, and even entire messages.

The Wall Street Journal’s report mentions two apps that have been given specific access by Google to read users data. One of them is Return Path, an app that analyzes users’ inboxes and collects data for marketers. According to the report, Return Path employees read about 8,000 user emails in two years in order to better develop the company’s software. The other company, called Edison Software, reportedly let its employees read thousands of emails so they could better train its “Smart Reply” feature.

Both companies have come forward in defense of letting their employees see user emails. In a blog post on their website, Return Path said “As anyone who knows anything about software knows, humans program software – artificial intelligence comes directly from human intelligence. Any time our engineers or data scientists personally review emails in our panel (which again, is completely consistent with our policies), we take great care to limit who has access to the data, supervise all access to the data.”

Edison also defended its action and has announced they have stopped the practice. CEO Mikael Berner said in a statement “Our email app was mentioned in the context of our engineers having in the past the ability to read a small random sample of de-identified messages for R&D purposes. This method was used to guide us in developing our Smart Reply functionality which was developed some time ago. We have since stopped this practice and expunged all such data in order to stay consistent with our company’s commitment to achieving the highest standards possible for ensuring privacy.”

While it shouldn’t be a complete shock that software developers have access to user data, the thought of a pair of human eyes reading over your personal correspondence is admittedly a shock to people. Just last year, Google announced it would stop scanning user emails for data to help them better target ads at users. However, this does not apply to third-party developers. This has been a critical issue in the tech community after Facebook disclosed its massive data breach with Cambridge Analytics, a digital consultancy firm that mishandled the personal data of 87 million users.

Google has stated that the company makes all third-party developers who want to access Gmail data undergo a rigorous vetting process. The process involves checking whether a company’s identity is correctly represented by its app, and that its privacy policy is concurrent with the work they’re doing. Google has yet to comment on how close their relationship is with third-parties who have access to user data.