According to a report in Wall Street Journal, Google allows third-party app developers to scan through Gmail accounts. Gmail’s access settings allow third-party app developers and data companies to see people’s emails and private details including recipient and messages. Although these apps do require user consent before accessing their email, it hasn’t been made very clear by Google that the consent would allow humans and not just machines to access the emails.
The report further added that email data collectors use software to scan millions of messages a day, looking for clues about consumers that they can sell to marketers, hedge funds and other businesses,
Although there is no evidence that third-party developers have misused or leaked any critical data, just being able to view and read private emails puts the security of users in great danger.
In most cases when a user installs an application he/she is left with two choices – accept all the permissions that the app is requesting or do not install the app at all. Although some devices with the latest operating system have selective disabling features where a user can choose what all permissions he/she wants an app to have, this feature is still not available in most of the devices.
According to experts, what more important is that the data which is being accessed by the third- party applications are stored locally or are being transferred to the servers. If the data is being sent to a server then it will be a huge risk for the user as now the security of their critical information will hang upon how well secured the third-party organisation keeps it.
Meanwhile, if malicious hackers figure out a way to bypass the checks in place by Google and embed such permissions in their malicious apps, then it will a massacre out there. It all comes down to the hands of the users. Unless one is absolutely sure that he needs an app with the email monitoring feature, he/she should never download it as the emails are an access to one’s entire e-presence, from bank accounts to e-commerce to social media, said Ankush Johar, Director at Infosec Ventures.