Like Facebook earlier this year, Google is facing scrutiny as users report their data being misused by third parties. And while the advertising giant says it doesn’t scan emails in order to personalise ads, third parties can still get access to your data as long as you give permission. The problems start after that.
There are a number of apps and services that can be granted access to “read” your email. For example, one of my favourite apps, TripIt, can do this. But it requires my permission before its APIs can delve into my inbox to locate travel plans such as flight bookings and hotel reservations. Google’s problem, according to a report by the ABC, is that those third parties may be playing fast and loose with your data once they get access to it.
Just to be clear, while I don’t give TripIt access to my email, I don’t believe they’re implicated in this.
The ability to have some intelligent software scan and help manage email is not new. There are dozens of services around that will do things like look at an email address and tell you about the sender. For example, Sales Navigator for Gmail (formerly known as Rapportive) is a Chrome extension that grabs social media information for anyone who sends you an email so you can almost instantly get a view of a new contact or what’s going on with people you know.
It’s up to you to decide whether the benefit of the app outweighs the level of access you’re granting it.
The ABC’s sensationalist headline, “Google confirms external apps can scan your emails: here’s how to check”, is a statement of the bleeding obvious to anyone who has ever installed a Gmail plug-in or app. Whenever an app wants access to your Gmail account, it asks for permission and tells you what it wants access to. It’s a headline designed to confect outrage and completely misses the point about what the problem actually is.
Google isn’t off the hook. It’s up to them to ensure the developer continues to use the data you have given them permission to access in the same way you agreed. This is the real problem.
For example, if I used a Google add-in to send me information about meeting attendees in my calendar so I’m prepared for meetings, I wouldn’t want the provider of that app to suddenly use those names and email addresses from calendar invitations to build a list of senior executives from IT companies they they can on-sell to marketing companies.
If you’re concerned about third-party apps that have access to your Gmail account go to the Security Checkup and look at what apps you’ve granted access to your Google account and make a decision about whether that permission is still required.
I did that. I had two apps with access to my Google account. One was an old app I no longer use so I removed its access.