You may not be the only one reading your messages in your Gmail account.
While Google itself has stopped scanning Gmail users’ email, some third-party developers have created apps that can access consumers’ accounts and scan their messages for marketing purposes, according to a new report in The Wall Street Journal. In some cases, it’s not just the developers’ computers but their human employees who are reading Gmail users’ messages, according to the report.
Google has long allowed software developers the ability to access users’ accounts as long as users gave them permission. That ability was designed to allow developers to create apps that consumers could use to add events to their Google Calendars or to send messages from their Gmail accounts.
But marketing companies have created apps that take advantage of that access to get insights into consumers’ behavior, according to the report. The apps offer things such as price-comparison services or travel-itinerary planning, but the language in their service agreements allows them to view users’ email as well. In fact, it’s become a “common practice” for marketing companies to scan consumers’ email, The Journal reported.
It isn’t clear how carefully Google is monitoring such uses. Many consumers may not be aware that they’ve given apps such access to their accounts. Even if they are, Facebook’s Cambridge Analytica scandal offers a worrisome example of how similar access to consumer data can be abused.
Here’s how to see which apps have access to your Google account and how to block them from accessing it in the future.
From your Google Account homepage, go to the Sign-in & Security section.
To get to your Google Account page, select the “Account” icon from the app menu in the top right-hand corner of your Gmail account or navigate to myaccount.google.com.
Click on the “Apps with account access” link or scroll down to the very bottom of the page.
In that section, you’ll see all of the apps to which you’ve given any kind of access since you created your account.
Select “Manage Apps” to see more details.
You’ll see what kinds of information and services inside your Google account to which the apps have access.
Google organizes apps that have access to your account into three different groups.
The three groups are apps that allow for “Signing in with Google,” “Third-party apps with account access,” and “Google apps.”
It’s obvious what Google apps are – things like Chrome and Drive. But here’s how the two other groups differ:
Apps in the “Signing in with Google” section have access to your name, email address, and profile picture. But in some cases they may have access to more of your information – potentially a lot more, such as the ability to read and delete your email messages.
You most likely gave the “Signing in with Google” apps permission to access such data because you wanted to use your Google login to sign into your accounts with them instead of having to create separate user accounts and passwords. But some companies that use Google’s apps in their workplaces also require their employees to use their Google login to sign in to other apps and services.
The “Third-party apps with account access” typically have access to much more than just your basic profile information. In fact, according to a Google support page, these apps often “can see and change nearly all information in your Google Account.”
Developers whose apps have such access to your account can’t change your password, delete your account, or use Google Pay on your behalf, but they can read your email – or have their employees do it.
Some apps require those kinds of permissions to do what you’ve asked them to do. If you want to be able to use a mail app on your computer to manage your Gmail account or your Google calendar, it needs to be able to read and delete messages or appointments.
But you should make sure you trust the apps and developers that have such access to your accounts and that you are giving them only as much access as they need.
If you see one you don’t trust, you can block it by clicking on “Remove Access.”
After clicking on that button you’ll have to click “OK” to confirm that you really want to block the app. The app should then disappear from the list of apps that have access to your account and should no longer have any ability to view or do anything else with your email or other data.
It’s a good idea to check the “Apps with access to your account” page every few months to keep your account safe from wandering eyes.