Google headquarters in London

App developers read millions of Gmail users’ emails, report reveals

Image credit: Dreamstime

A Wall Street Journal investigation has found that Google has allowed third-party developers to sift through users’ emails and target advertising based on the contents.

Google promised in June 2017 to stop scanning all Gmail users’ emails for information that could be used to target advertisements, stating that the company would “keep privacy and security paramount”. Google software was found to be responsible for autonomously scanning the content of emails and selling adverts placed in users’ inboxes relating to this content; the company initially argued that this practice helped pay for the cost of its free Gmail service, but was met with anger from users and privacy advocacy groups.

Now, an investigation by the Wall Street Journal – based on more than 20 interviews with email app maker and data company employees – has found that hundreds of third-party app developers continue to access the inboxes of millions of Gmail users who signed up for email-based services which offer tools such as automated travel planners or price comparisons.

These developers allegedly train their computers (and in some cases, employees) to read the inboxes of users who have signed up to their services.

One company singled out by the investigation was Return Path Inc, which collects marketing data by scanning more than two million users’ inboxes. These users were found when they signed up for a free app associated with the company using a Gmail, Microsoft or Yahoo email address. Approximately 100 million emails were scanned automatically every day, with up to 8,000 emails a day being read by employees to help train the machine-learning software more effectively.

Thede Loder, former CTO at eDataSource Inc, told the Wall Street Journal that allowing employees to read private emails was “common practice” for companies like Return Path. This could allow developers to improve their code. Neither Return Path nor eDataSource explicitly asked for users’ consent to read their emails, although this practice is allegedly covered in their user agreements.

“Some people might consider that to be a dirty secret,” Loder commented. “It’s kind of reality.”

Google states that it provides user data only to “trusted” third parties who have been given explicit permission to access user emails and forbids third parties from exposing users’ private information. According to the Wall Street Journal’s report, however, even trusted parties have arguably misused their access to users data and Google did little to enforce these policies intended to protect the privacy of users. One app developer said that he saw no evidence of Google employees reviewing his company’s practices.

The report could extend the reach of the ongoing controversy over access of third parties to private user data, which has enveloped social media behemoth Facebook this year. Notably, it was revealed that Cambridge Analytica – a data analytics company - had underhandedly harvested personal data from at least 87 million Facebook users and used this data to target political adverts based on users’ personality traits, including for Donald Trump’s 2016 presidential campaign.

Google stated that it manually reviews every developer and app requesting access to Gmail, taking quick action against misbehaviour and that it allows any users to revoke access to apps at any point.

Recent articles

Info Message

Our sites use cookies to support some functionality, and to collect anonymous user data.

Learn more about IET cookies and how to control them