Even though Google has ceased the practice of scanning user’s Gmail accounts to serve ads, the search giant admitted in a letter to lawmakers that — with user consent — it still allows third-party apps access to your messages. Google’s letter will likely set the tone for what lawmakers will discuss at a congressional hearing scheduled for September 26 on digital privacy with technology companies, including Amazon, Apple, AT&T, Charter Communications, Google, and Twitter.
Before any non-Google app can access your data, Google will display a permissions screen to show what data the app is requesting and how the app intends on using such data. “We strongly encourage you to review the permissions screen before granting access to any non-Google application,” Google wrote in a blog post. Business users on G Suite can also control how their data is accessed by non-Google services through whitelisting. The company claims to have a vetting process in place, and that apps that misrepresent themselves to obtain data will have their access revoked.
Typically, the types of apps that request permission to access your email include trip planners, customer relationship manager software, and shopping and discount apps. A trip planner app, for example, can scan your email to pull and compile all your travel information, reservations, and itineraries in one place, so you don’t have to manage your hotel, airline, and other reservations manually. Shopping apps, like Earny, can also scan your emails for online orders. If the service detects a price drop, it will request a refund for the price difference less a commission fee. While Earny and travel apps are useful tools that save consumers a lot of time — and money — lawmakers may be concerned that malicious apps may abuse the system to access personal and sensitive information from Gmail users. Given that there are more than 1.4 billion Gmail users worldwide, that is a lot of data that could fall into the wrong hands.