Facebook has been in the headlines for playing fast and loose with your privacy, but a new report from the Wall Street Journal suggests Google isn’t always safeguarding your personal information, either. Gmail has always had some questionable privacy problems: the company has fielded several lawsuits over its practice of scanning email and serving up ads based on what it found. Google stopped scanning your inbox last year, but that doesn’t mean other companies have. In fact, third-party companies may have more access to your inbox than Google ever did.
The problem — as with Facebook — comes when you give apps access to your account in order to use their services. In the case of Facebook, this often meant innocuous-looking quizzes and games, but Gmail apps are often useful tools that just happen to gain access to your inbox when you sign up.
One of Earny’s partners is a company called Return Path, which scans mailboxes to collect data for marketers. And to do this, Return Path — and similar companies — may have more than software scanning your mailbox. In fact, Google’s policy doesn’t have anything to prevent these developers reading your email themselves. Return Path employees personally reviewed 8,000 messages in order to help train its software.
And these aren’t the only companies with unrestricted access to your email — many useful apps that access your mailbox to help you out may be using your personal information for other purposes.
Google stresses that you have complete control over your personal information (another line we’ve heard from Facebook). The company reviews every developer making apps for Gmail, ensuring the companies and apps are legitimate. But that doesn’t mean these apps don’t have broad access to your email. Even though you have to give the apps permission before they can get into your mailbox, when you clicked “accept,” you probably didn’t realize you were signing up to have marketing AIs — and actual humans — to rifle through your mailbox.
If you’re concerned about the security of your Gmail account, start with Google’s Security Checkup, which will highlight any potential security concerns. Clicking on “Third-party access” will list apps with access to your account, and suggest disabling apps you haven’t used recently — particularly those that don’t support secure two-factor authentication. It also lists apps with low-risk access to your account, explaining that “it’s safe to keep giving these apps or services access if you trust and use them. They have low-risk account access or Google verified their developers’ information.”
But while these app developers have been vetted by Google, they may still have full access to your mailbox. As long as you’ve given them permission to read your emails, that’s fine with Google.
To protect your privacy, we recommend reviewing all of the apps that have access to your account, as well as the services you sign on to with your Google account. Google lists everything using your account, and you can click on any app to see exactly what it has access to. If there’s anything you don’t use — or anything that has access to more information than you’d like — just click “Remove Access” to get rid of it.
And in the future, you may want to be careful about which apps you give account access to.
[Image credit: accessing Gmail on a phone via BigStockPhoto, Google]