Google has revealed that certain third-party app developers have the ability to read private emails sent and received by Gmail users.

Users who have connected third-party apps to their Gmail accounts have given staff permission to read their messages without being fully aware of the consequences.

Nevertheless, the emailing service indicated that the practice was “not against its policies”.

Personal & sensitive information

“In the wake of GDPR and the Facebook scandal, it’s little wonder that such revelations are alarming. As consumers, we have a right to privacy – but we need to be aware of what terms and conditions we are agreeing to when signing up for free email and social media accounts, especially regarding the rights we are waiving or the access to data that we are giving away,” commented David Emm, Senior Security Researcher at Kaspersky Lab.

Google admitted that firms who have been assessed are able to access messages, but only if users “explicitly granted permission to access the emails”.

Staying secure

“We should think twice before allowing third-party apps to connect to our accounts. Organisations have a duty regarding our privacy – especially those able to access our sensitive information – by making such terms and conditions as transparent and easy to understand as possible,” added Emm.

“When we are communicating with loved ones or colleagues, sharing personal and sensitive information, we should feel safe in the knowledge that what we are sending is private.”

He also noted that anyone with a Gmail account who is worried about their emails being read can make use of Google’s ‘Security Check-up’ to see which apps are linked to their account.

Written by Leah Alger