When it comes to privacy on social media, we usually point fingers at Facebook for enabling third-party app developers to access users personal information—even with users' consent.
But Facebook is not alone.
Google also has a ton of information about you and this massive pool of data can be accessed by third-party apps you connect to, using its single sign-on service.
Though Google has much stricter privacy policies about what developers can do with your data, the company still enables them to ask for complete access of your Google account, including the content of your emails and contacts.
The entire Facebook's Cambridge Analytica privacy saga highlights how crucial it is to keep track of the apps you have connected to your social media accounts and permitted to access your data.
Last year, Google itself promised to stop scanning the inboxes of Gmail users for data-driven advertisements, but the company reportedly is still giving outside app developers the ability to snoop through hundreds of millions of private Gmail messages that flow through the email service on a regular basis.
A new report by the WSJ yesterday highlighted how Gmail's ambiguous app permissions have left your personal emails vulnerable to hundreds of third-party developers who can read nearly every detail from your most sensitive emails, including the recipient's e-mail id, timestamps, the entire email body.
This is because Google allows third-party app developers to build services that work with its Gmail platform, like "email-based services," "shopping price comparisons," and "automated travel-itinerary planners," and millions of users who have signed up for any of such services are at risk of having their private messages read by outside app developers and their employees.
Obviously, such apps get consent from users to access their inboxes as part of the opt-in process, but the news that third-party app developers could read your emails, which usually contains sensitive data, may come as a surprise to users who did not understand what they signed up for.
A Google spokesperson told the publication that the company examines all outside app developers before giving access to its service and if it "ever run into areas where disclosures and practices are unclear, Google takes quick action with the developer."
Discover the Hidden Dangers of Third-Party SaaS Apps
Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.RESERVE YOUR SEAT
However, unlike Facebook's Cambridge Analytica case, there's no evidence of any third-party Gmail add-on developer has misused your data, just being their ability to view and read private emails, which itself seems like a privacy nightmare.
How to Check and Remove Third-Party Apps Access with Your Gmail Inbox
It is time to review all the third-party apps which have access to your Gmail inbox and revoke access if you find any of them untrustworthy or unnecessary, as your email data is much more sensitive than your data on any other social media platform.
This is the only precaution you can take right now. Here's how to do it:
- Head on to your Google's "My Account" page and log in with your Gmail credentials if you have not already.
- Once logged in, you will be able to see and review all the third-party apps you have given access to your Google accounts, including Gmail.
- Apps with access to your Gmail inbox will have a label called "Has access to Gmail" beneath its entry.
- Since Google currently does not provide a way to get rid of just the Gmail access, you can completely disable that app's access by hitting the "Remove Access" button.
You can also share your feedback with the tech giant if you find any site or app getting unnecessary permission to your Google account.