For a long time the answer to the question “Who’s been reading your Gmail?” has been Google’s advertising algorithms. Google stated that it stopped doing that last year. However, others can still read your e-mail, and you may have given some other company access to do so without being fully aware of it.
I have covered this area before, where I talked about Mobile App permissions. It’s pretty easy to see what permissions a Mobile App is looking for and to make an educated decision about whether you should grant it those permissions.
In this newly revealed situation, some third-party developers who create add-on apps for your e-mail may have actually had real people reading your e-mail.
The apps in question are usually performing some useful function, like monitoring your mailbox for meeting invitations and then suggesting appropriate times for the meeting, or itinerary/travel planning apps that look for flight/hotel booking e-mails and then package them up into a useful, coordinated scheduling pack.
According to this Sophos report, when you install these (usually free) add-ons:
Users had to agree to share that information first, granting explicit permission for an app to access your Gmail account or your broader Google account. However, what users may not have known is that this doesn’t only give the third party company’s software access to your email. It gives developers inside those companies the ability to manually access them too.
As that Sophos report also notes, one of the companies did admit to allowing its staff to actually read people’s e-mails, supposedly to include new features that people might find useful. However, what’s at play here is that most people weren’t aware that their actual e-mails were being read by another actual human.
Most people, myself included, went “Meh!” when we heard that Google’s advertising algorithms were scanning our e-mail content, because it is some non-human thing that is looking at the cold hard data.
However, the notion that another actual human may have been reading sensitive, private discussions in an e-mail chain would be quite concerning to most people and rightfully so.
How can you find out who’s been reading your Gmail?
Well, you might not be able to find out if they have read your e-mail, but there’s something really easy you can do to find out what apps have got access to your Gmail.
Check the “apps with access to your account” page for your Google account and review any apps you have there. I’ve just done it and found there was an app that I previously used to look at Google Analytics, but have since stopped using and uninstalled. However, the app developers still would have had permission to access any Google Analytics data I had (which I don’t any more as I have stopped using that too). I simply clicked on the app and removed its access. It’s that simple.
If you do have these apps that can enable somebody to read your Gmail, you need to consider a couple of things:
- If this is your business e-mail account, have you considered the GDPR aspects of giving an external third party access to view personal data? You will need to have a Data Processing Agreement in place with the third party and also declare their access to the individuals whose personal data you process.
- If this is your personal e-mail account, then you have to decide whether the app is so useful to you that you are happy to allow some developer, somewhere in the world, to read your e-mail.
For me, privacy wins out every time.
Let’s be careful out there!