April 17, 2021 5:04 pm

Third-party apps can read email of Gmail users just as they can read SMS and call logs

According to a report in Wall Street Journal, Google allows third-party app developers to scan through Gmail accounts.

Must Read

According to a report in Wall Street Journal, Google allows third-party app developers to scan through Gmail accounts. Gmail’s access settings allow third-party app developers and data companies to see people’s emails and private details including recipient and messages. Although these apps do require user consent before accessing their , it hasn’t been made very clear by Google that the consent would allow humans and not just machines to access the emails.

The report further added that email data collectors use software to scan millions of messages a day, looking for clues about consumers that they can sell to marketers, hedge funds and other businesses,

Google has commented on the report saying that they provide access with users’ consent, and only to those third-party developers who have verified their identity, who included a clause about email monitoring in their privacy policy, and who are asking for data that is justified for the app’s services. Besides this, there are some developers have applied for access to Gmail but have not been granted those permissions.

Although there is no evidence that third-party developers have misused or leaked any critical data, just being able to view and read private emails puts the security of users in great danger.

In most cases when a user installs an application he/she is left with two choices – accept all the permissions that the app is requesting or do not install the app at all. Although some devices with the latest operating system have selective disabling features where a user can choose what all permissions he/she wants an app to have, this feature is still not available in most of the devices.

According to experts, what more important is that the data which is being accessed by the third- party applications are stored locally or are being transferred to the servers. If the data is being sent to a server then it will be a huge risk for the user as now the security of their critical information will hang upon how well secured the third-party organisation keeps it.

Meanwhile, if malicious hackers figure out a way to bypass the checks in place by Google and embed such permissions in their malicious apps, then it will a massacre out there. It all comes down to the hands of the users. Unless one is absolutely sure that he needs an app with the email monitoring feature, he/she should never download it as the emails are an access to one’s entire e-presence, from bank accounts to e-commerce to social media, said Ankush Johar, Director at Infosec Ventures.

Subscribe to receive the day's headlines from Tech Observer straight in your inbox

Share your views

*The moderation of comments is automated and not cleared manually by techobserver.in. Embedding of any link and use of abusive or unparliamentary language are prohibited.
- Advertisement -

Latest in TECH

Related Articles

- Advertisement -