In this age of the Facebook Cambridge Analytica scandal, people are now very conscious about giving access to third-party users since these may not always be aboveboard and may use the data for nefarious reasons. A new report by The Wall Street Journal shows that while Gmail may have told people they’ve stopped their computers from scanning users’ emails and sending them targeted ads, it looks like they’re still letting third-party app developers “read” emails and view private details. Users may be giving permission to these apps in one way or another, but it may not always be clear what permission you’re granting.

These apps do explicitly ask you to grant them access to your email in exchange for some free service or to sign up for a website or log in to an app using your Gmail credentials. You’ve probably seen those requests for email management apps to “read, send, delete and manage your email” and if you really wanted to use the mobile app as your main email app, you will of course grant this permission. But what you don’t know is that sometimes, humans are doing the accessing and reading and not just the computers that we assume are the ones doing it.

Companies like Return Path and Edison Software lets their human engineers view the email messages to train their machine algorithms to handle the data. In some cases, they realized that the computers were mislabeling or misreading the data and they needed human intervention to be able to perfect their app’s algorithm. Their privacy policies mention monitoring emails but they don’t mention the human part. Edison Software says that they have now stopped this practice and “expunged all such data” to comply with their privacy priority.

Google for its part says that this access to their users data is only given to third-party developers that have been closely vetted. They check on the company’s identity, its privacy policies, and that the data they are getting makes sense for the business that they are running. There are times when Google employees do read emails but it’s with very specific cases where users give Gmail their consent or for security purposes like investigating a bug or abuse.

So far, there has been no proof that data acquired by Google or these third-party developers have been misused, just like with the aforementioned Cambridge Analytica scandal. But there’s still this uneasy feeling that all these 3rd party apps can see things like recipient addresses, timestamps, and yes, entire messages. And given that phishing attacks are getting smarter and more inventive, it’s only a matter of time until something goes wrong or a person sells the data to nefarious elements. Google and these developers need to assure us that they’re taking every precaution to protect their users.

VIA: Wall Street Journal