Synthesis IT

Free IT Health Check! Get in touch today 0191 270 4370


Google: Who’s Reading Your Gmail?

Gmail is the free email service from Google. It’s came to light that some of the 1.4 billion users may be sharing their emails with more than just the intended recipients. The Wall Street Journal brought this to world-wide attention on 2nd July, but this has been a “dirty secret” amongst app developers for years.

There’s nothing new about computers reading your email. Your anti-virus has to do it, your anti-spam has to as well, and if you want to use a free service you’re probably going to have your emails scanned for marketing purposes (though Google claimed to end this practice for Gmail a year ago).

Some of these emails can be read by actual humans, Google has now admitted. What makes for further uncomfortable reading is that these people aren’t Google employees, they can come from any company that has an app that has permission to interface with aspects of your Google account.

How does it work?

You allow it to. The apps require your permission to do this, unfortunately it’s not always clear when you’re granting permission. It’s been claimed some of the incidents of this happening have come from seemingly unrelated sources like shopping price comparisons, automated travel-itinerary planners or other tools or apps that help you manage your calendar/gmail (or even if they don’t).

Gmail Permissions

Is it a big deal?

Well, yes, it’s an important reminder. Your tech-savvy friends will tell you it’s not news that an app is doing exactly what you allow it to, but let’s be honest, many people are not tech-savvy and it’s not exactly clear what you’re agreeing to when you install apps. Moreover it’s reasonable to expect a duty of care by companies such as Google to protect your privacy.

As individuals, it should be important to realise that there are companies that do try to gain access to your data. It’s been news for years, but worth reiterating that there are many phone apps out there who ask excessive permissions. The cliché example is torch apps that require location data, view call details or text on your behalf – none of which are going to help you find your keys in the dark. Stories like these need to remind us all that privacy and security still demands vigilance by the user.

This is rightly alarming for business owners who use G Suite. Maintaining white-lists of which non-google apps their users’ can install is one option. White-lists are a selection of Apps you specifically allowed users to install, in contrast to black-lists. You’re only as good as the white-list you maintain, so making sure the systems are administered appropriately is imperative.

What did Google say about it?

Google make the usual statements of their commitments to privacy and security and provide instructions of how to check your apps, but importantly they say: “We strongly encourage you to review the permissions screen before granting access to any non-Google application.”

And they point users to their security check up page where users can view potentially risky apps.

While this is all well and good, we’ll detail the way we recommend to check your permissions at the end of this article.

What should businesses be thinking?

We are of the belief that a business needs a professional solution. If you have privacy concerns, our recommendation has always been and will continue to be on-site solutions such as Microsoft Exchange Server where you remain in control of your data, but we do understand that cloud-services such as Office 365 and G-Suite do have their own benefits and advantages. Weighing this all together is when you may want to get some advice. Do get in touch with myself or the office if you want some truly independent advice.

How can I protect my Gmail?

It’s vitally important to read all app permission requests going forward, but you definitely want to review existing app’s access. We need to check whether these permissions are appropriate or relevant. So cue some guide pictures:

  1. Visit your Google account by visiting your local Google website in your PC’s web-browser and clicking on your account avatar. You may have more than one account so this whole process could need repeating for each.
    Select your user icon in the top right
  2. Click on your account.
    Click on "Google Account"
  3. Click on Sign-In & Security
    Click on Sign-In & Security
  4.  Look at the menu on the left and select “Apps with account access” under the “Sign-in & Security” sub header
    Click on "Apps with account access"
  5. Look at the box that says “Apps with access to your account” and click on “MANAGE APPS”
    Click on "MANAGE APPS"
  6. Pay attention to the box which says “Third-party apps with account access”. These are the apps that Google don’t control and pose the main risk.
    Pay attention to the box which says “Third-party apps with account access”
  7. Review and remove any apps that you no longer use, recognise or demand more access than you feel they need. For instance something that has full access to your emails may appear like below.
    Review apps for appropriate access
Monday, July 9th, 2018 by Dan Lowe About Us

Leave a Reply

You must be logged in to post a comment.



Got an IT Problem?

We can help!


Save time and reduce costs with our help.

NEW case studies

We're helping businesses


Learn how our services are making a difference.

NEW brochure

Need to know more?


Our new brochure is available.