A new report has outlined how third-party Gmail app developers are able to read your email. The fact that it’s so easy for them to do so is worrying, but thankfully it’s a fairly easy process to see which apps have access, and to revoke it accordingly.
The report comes from the Wall Street Journal and reveals the disturbing open secret within the tech industry. Google itself has recently assured everyone that its own employees will not read your emails (outside of “very specific cases”), but it made no such assurances about third-party app developers.
In a statement to The Verge, Google said that it vets third-party companies before giving them the ability to read emails. These companies include Return Path and Edison Software. Many such apps don’t ask for explicit consent, but argue that you gave it anyway when you agreed to the lengthy user agreement that — let’s be honest — you didn’t read.
If you’re thinking this sounds very similar to Facebook’s Cambridge Analytica scandal then you’d be right. In both cases it’s not the companies themselves that are playing fast and loose with your data, but the third-party services that they grant access to it.
It’s a frustrating situation, and we hope Google steps in to fix the issue. Until that happens, here’s how you keep your emails safe.
How to stop third party apps from reading your emails
- Head over to your Google Account settings.
- Look at the apps listed under ‘Third-party apps with account access’.
- Look for any with the words ‘Has access to Gmail’ next to them and click them.
- Click ‘REMOVE ACCESS’, and confirm your decision by pressing ‘OK’.
Once you’ve revoked their access, then you’ll have to use Gmail directly through Google’s own services to avoid needing third-party access.
Unfortunately, if there are any apps in that list that have access to your emails that you absolutely have to use then you’re a little bit stuck. Your only real option is to either change email provider, or wait until Google responds to the issue.
Time for Email to learn from WhatsApp?
The most frustrating thing about the whole situation is that email encryption (which would prevent anyone other than the recipient from being able to read your emails) has existed for literally decades.
The problem is that the standard, called OpenPGP, isn’t natively supported by major webmail services. You can get it working with the use of third-party browser extensions like FlowCrypt, but this is a step that few people are likely going to bother to take.
WhatsApp is the polar opposite. By encrypting all its messages by default, WhatsApp has made it so that your security isn’t going to be let down by your one technologically illiterate friend who doesn’t know how to enable encryption.
Email is a different beast from WhatsApp because multiple different services are involved with the sending of every email, including different email providers, web portals, and email clients. It’s much more simple for WhatsApp when everyone is using the same app to communicate, and the company is in control of that software.
But the tech community has solved bigger problems in the past, and we think it’s time for email providers to attempt to tackle the encryption problem.
Are you concerned about third-party apps being able to read your emails? Let us know @TrustedReviews