The debate about how tech companies use consumer data and the mechanisms that have users give consent to this use, is nothing new. But a recent Wall Street Journal report has got people talking by saying Google routinely allows outside software developers full access to read private messages of gmail users.
So, how do you know if someone’s been digging around in your mail?
Google gives outside software developers access to read private messages of gmail users, according to media reports.
Giving consent
There are millions of apps and services that connect to your Google account for all sorts of reasons (and it’s a similar deal for Outlook, Facebook or other accounts). When you first log in to one of these services with a Google account, or install an app on one of your devices, a Google prompt will ask you to give it certain permissions — be it access to your Drive files, YouTube account or calendar appointments — in order for it to do what it’s designed to do. If you’ve ever had one of these ask for access to read your email messages, and you agreed, it’s possible your emails are being read.
On desktop, Google’s permission prompt looks like this.
In a blog post, Google’s director of security Suzanne Frey explains that before an app can even ask for permission to read your Gmail messages it must pass a stringent review.
“Before a published, non-Google app can access your Gmail messages, it goes through a multi-step review process that includes automated and manual review of the developer, assessment of the app’s privacy policy and homepage to ensure it is a legitimate app, and in-app testing to ensure the app works as it says it does,” Frey says.
In short, developers need to show that they’re doing what they tell users they’re doing, and they need to prove that they need access to email messages to do that. The result of all this, ideally, is that the only people with access to your email are developers making services that you want to use, and who you are happy to give access to.
In reality, of course, people often rush through security prompts because they want to use the app or service immediately. And once they’ve finished using the service, they may not remember that they gave a developer ongoing access to read their emails.
If you want to check if any developers have permission to read yours, you can go to Google’s privacy checkup page. If you’re logged in with your Google account, you’ll see a tab titled ‘Third-party access’. Here you can review which apps have access to what data, and revoke any you like. Google itself previously scanned user gmail messages to help target advertising, but it ceased that practice after criticism last year.
What does ‘read’ really mean?
What’s most contentious part about the WSJ story is that people who explicitly allow an app to “read” their email may not realise what that means to its true extent. People are surprised to find that what they thought they were agreeing to — perhaps a dispassionate piece of software harmlessly scanning their emails — could actually involve a real human reading about their doctors appointments or love affairs.
Security expert Troy Hunt says that agreeing to give any app access to your email is a serious decision with big implications for your privacy and data security, but that the possibility of an another person seeing your private communications isn’t really the part you should be worried about. Granting permissions like this moves your data out of the hands of Google, he says, and it can be impossible to know what’s happening to it.
“There is some other third party that has written code that is reading your email. It could be analysed for keywords, it could be sent off to another third party that’s going to read through it. This is what granting permissions does. It really puts you in the hands of that third party,” Hunt says.
‘Worst of both worlds’
“When you have someone’s code scanning your emails, it can consume a huge amount of information very quickly. But we seem to be less concerned about what the computers are doing and more concerned with what other humans are seeing.”
In most cases, Hunt says, humans and the code they write are working together to crunch your data in whatever ways they can to build and monetise their products.
“It’s the worst of both worlds,” he says. “Code is scanning and aggregating your data, with the findings passed down for humans to read.”
Hunt says the best you can do is think about whether you need the app you’re installing, and then think about what permissions the app really needs and approve accordingly. If it’s an app that controls the flashlight on your phone, for example, it won’t need access to your GPS.
There are apps that do ask for permission to your email, and plenty have a legitimate reason to do so.
“There’s a very, very limited set of apps, in the broader scope of things, that need to access your email or contacts,” Hunt says.
Why humans?
Of course there are plenty of apps that do ask for permission to your email, and plenty have a legitimate reason to do so. But why would a company use humans to read your emails, and how could Google possibly agree that such access was justified in order to provide the app’s advertised function?
One of the developers mentioned in the WSJ story, Edison Software (formerly EasilyDo), makes an email app that “intelligently manages” your mail from Google or any of a number of other providers. One feature is that the app will suggest replies to emails you receive, but in order to develop and test this feature the developers needed to see it in action.
“Two of its artificial-intelligence engineers signed agreements not to share anything they read”, says Edison CEO Mikael Berner in the WSJ report.
“Then, working on machines that prevented them from downloading information to other devices, they read the personal email messages of hundreds of users — with user information already redacted — along with the system’s suggested replies, manually indicating whether each made sense.”
Of course, while this seems like a sensible use of data, the users whose emails were used for the exercise arguably did not explicitly consent. They clicked a button to allow Edison to “read” or “manage” their email, but it’s possible they imagined those actions taking place in the context of actually sorting and managing the messages, not their being read by humans to help develop new features.
The crux of the matter
And this is really the crux of the issue. To get a full understanding of how your data was going to be used, in this scenario, you would need to read and agree to the permissions Google serves up when you install the app and you would need to seek out and read the developer’s full privacy policy and terms of service.
“And who’s going to do that, right? We know nobody’s feasibly going to read them,” Hunt says.
“[Terms and policies] are lawyer arse-covering exercises, and I don’t think the fact that they’re documented really makes much of a difference.”
“It comes down to the fact that we really need to trust that companies are being responsible with data, and when they’re financially incentivised not to be that can be a problem.”
Hunt says he hopes new regulations like Europe’s General Data Protection Regulation (GDPR), which recquires companies to clearer in communicating what they do with data, will improve matters.