Your email might not be safe from prying eyes, whether you’re using Gmail, Yahoo! Mail, or Outlook. And especially if you’re using third-party email clients. A recent report revealed how some developers have no qualms about letting their employees read emails that pass through their apps. Google has responded with a blog post that explains how it has mechanisms in place to prevent such abuse. Except said mechanism doesn’t seem to protect users from such third-parties and, maybe, even from Google itself.
Google has stopped giving human employees access to emails after reports of its business practice came to light. And while its own policies prevent that, it appears to have little control over what app developers outside Google do to those emails. And, according to those developers, it’s common knowledge, tech’s dirty secret.
Google also lays part of the responsibility on the users, explaining how they can review and revoke permissions they give to apps for accessing their emails. They can also check the non-Google apps that have access to their Google data through their account’s Security Checkup. The one problem with this admittedly useful control is that it doesn’t actually clue users in on how the app developers or companies may or may not have their employees read their emails. Granting an email app permission to view and manage emails is, of course, on par for the course. But unless users dig into user agreements and terms of services, they will never find out that they have granted those developers and service providers permission to have humans read those emails.
It’s almost a fact of email life that emails are at the very least scanned in the name spam filtering. Google assures its Gmail users that it does not do so for the sake of serving ads. It also says that no one at Google ever reads your email, but does make two exceptions. First is when you give them your consent and second is when investigating security matters. Google doesn’t say if they need your consent for the latter.