After that report from the Wall Street Journal saying that Google is giving 3rd party apps access to your Gmail inbox, we of course expected the tech giant to respond. They did not deny of course that this is happening since it is after all part of the information exchange among them, the developer, and the user itself. But what they gave us is an explanation of their app developer vetting process and a reminder that the user can actually control what information they give these services. Well, at least on paper.
Google explained their screening process for those non-Google 3rd party apps that can access your Gmail messages. These apps have to go through a multi-step process, both automated and manual. The privacy policy is also reviewed and their homepage is assessed to ensure that it is a legitimate one. They have two key requirements for the app to pass the screening. One is that the app should not misrepresent itself and that it works how it says it will and more importantly, they should be clear how they use their data. The second one is that they will only request data that is relevant to how their app works and again, they should be clear how they will go about using said data.
Google is also reminding users that they have the control over their data and what they share with the developers of the apps that they use. Whenever a non-Google app is requesting access to your information, you see a permissions screen where all the types of data that need to be accessed are listed and how they’ll use that data. Oftentimes, we just don’t read through it, but if you’re one of those who got bothered by the WSJ article, then you should probably review this screen before saying yes or no when using a 3rd-party app.
Google also has data controls made easier to access and use if you want to change things any time you want to. The Security Checkup page actually shows you all the non-Google apps that have access to your data. It will also tell you “potentially risky” apps so that you can revoke permissions if you need to. If you are part of an organization that uses G Suites, your admins also have access to tools to control what data non-Google apps can have access to.
At the end of the day, while Gmail has removed the practice of scanning through your emails to give you targeted advertising, they do still “conduct automatic processing of emails” to give you other features like Smart Reply. But they’re clarifying that Google doesn’t read your emails except during certain instances where you give them access to it or for security purposes (investigating abuse or a bug). Whether or not you trust them that they’re only reading it during those circumstances, that is between you and your Gmail.
SOURCE: Google
