In the past couple days, the news that Google reads your gmail messages has spread quickly. Gmail users and  non-Gmail users (relatively a minority) were disturbed, to say the least.

Upon hearing that Google reads your Gmail messages, Gmail users felt betrayed. They felt Google data leak was their worst fears come true -their data is no longer safe in the digital economy.

Non-Gmail users, on the other hand, probably were rechecking every single item of security their own email system provides. They felt data breaches with multinationals was becoming a norm.

After having burnt their fingers in the Facebook Analytica scandal, users were already skeptical about privacy security measures. It was almost like a self-fulfilling prophecy waiting to happen.

The impish blopost titles used by no less than The Wall Street Journal (“Tech’s ‘Dirty Secret’: The App Developers Sifting Through Your Gmail“) ensured all sorts of wild theories resurfaced.

It is time to tackle the question: does Google reads your gmail messages?

Summary of this post

What is the controversy about: The Wall Street Journal reported that Google reads your Gmail messages.

What is the fact: If users specifically permit, then Google allows third-party developers to read your commercial message. Only with your permission.

Does Google allow all third-party developers to do this: Google puts interested third-party developers under a review process. Only those who clear Google’s review process are permitted to proceed.

Is Google’s review process faulty: Difficult to say. Google says it manually reviews every third-party request. However, Zvi Band, co-founder Contactually, says he has never “seen any evidence of human review” by Google review. Also, third-party developers may vary tremendously in size and business practice so Google can’t be too careful.

Are my messages safe with Gmail: There is no change in the safety levels of Gmail – they are as confidential as they were earlier.

Detailed story follows below.

Index

1. The news

2. The origin of stories

3. The truth behind the claim

4. Here’s how it might happen

5. Infographic on how apps read your gmail messages

6. The problem with 3rd party reviews

7. Infographic on Google third-party app review process

The news stories about Google reads your gmail message

Since The Wall Street Journalbroke’ the  data privacy story on July 2, there seems to have been a race of creating all sorts of titles for stories.

Implicit within this story might appear the inherent prejudice that all giant corporates are bad.

A large number of corporates have worked hard to create and further this image. The Toshiba scandal, the Enron controversy, the Barings bank foulplay, the Lehman brothers crash…

One thing is certain: corporates have never let there be a shortage of stories of goof-ups and malpractices.

So it was only natural that people were wary of Google. Let’s begin with the titles of stories that flashed on – no prizes for guessing- Google search results.

gmail_reads_your_emails_headlines

Channel News Asia took a relatively mild stand, but it still portrayed Gmail guilty.

Not surprisingly, Yahoo‘s post was a bit tongue-in-cheek.

The Wall Street Journal, rather surprisingly, took an extreme stand and its title was nearly click-bait.

The Verge talked about how a guilty Google was probably into damage control.

The origin of Google reads your gmail messages

The WSJ story was loud but offered very little beyond what was already known as standard industry practice.

The story, as shown in the image above, was titled “Tech’s Dirty Secret”.

It went to extent of saying “But the internet giant (Google) continues to let hundreds of outside software developers scan the inboxes of millions of Gmail users…”

Half-baked interpretations conveniently ignored the other half of the sentence.

The full sentence actually went this way: But the internet giant continues to let hundreds of outside software developers scan the inboxes of millions of Gmail users who signed up for email-based services offering shopping price comparisons, automated travel-itinerary planners or other tools and agreed to have their Gmail messages read.

So if you don’t read the sentence carefully, you don’t realize the users had themselves signed up to have their data read.

Meanwhile, Google posted on its blog how it is permitting users to exercise their choices in the kind and extent of information they’d like to share with third-party app developers.

The truth behind the report that Google reads your gmail messages

Does Google read your emails?

No, not without your consent.

Third-party app developing companies do. Return Path and Edison, to name two.

These companies don’t expressly ask user permission to allow them to read the emails. And yet, it is covered under their user agreements.

So basically, it’s complicated.

In its own way, Google is a content aggregator. And content aggregators seem to be having tough times. For instance, TripAdvisor fake reviews is a major devil the hotel and restaurant information company is fighting.

google-privacy-3rd-party-its-complicated

Here’s how third-party app developers may read your Gmail messages

Ok, so this is considered pretty much standard industry practice.

You download a fancy app that’s free. In exchange it asks for some permissions. You click “Accept” or “OK” or something of that kind.

And the app can go on reading your email messages happily every after.

As you can clearly see, it’s absolutely consent-based. And you can even revoke it, any time you wish.

Here’s how third-party app developers can read your Gmail messages:

  1. Third-party app developers send request to Google.
  2. The request passes through Google review process.
  3. If Google accepts the request, the app developer builds the app using Google API.
  4. The app is kept free, which attracts more users.
  5. When users download and install the app, the app asks for permission to access emails.
  6. The user grants the permission.
  7. The software wants to read only commercial emails so it sorts out commercial emails from your mailbox.
  8. The employees of the app developer may need to ‘train’ the system to read and interpret your emails.
  9. The ‘trained’ system reads your emails and prepares a detailed report of your purchase behavior.
  10. The system collates all information from all emails it has read from all accounts and uses or sells the information commercially since this are genuine insights.

Infographic on how apps read your Gmail messages

Refer to the following infographic on how Google reads your Gmail messages (as clarified earlier, Google doesn’t read your Gmail messages, it’s the 3rd party app developers who read them).

Google-reads-your-Gmail-messages-news

But the story does not end here.

The big question is: Are the practices at Google powerful enough to keep out the villains?

The problems with Google third-party app reviews

Probably in good faith -mark the word ‘probably’ – Google allows third-party apps developers to access to Gmail messages of consenting users. Naturally this is done after an extensive review.

The question is: How effective is the third-party review process of Google?

Very, we hope.

Well, there are loopholes. Here are some of the loopholes of Google’s third-party app review process, based on which Google decides whether to permit the app developer to get access to many things, including  your Gmail messages:

  1. According to Google, it manually (i.e. humans do it) reviews every app developer’s application that requests access to Gmail of consenting users. However, Zvi Band, co-founder Contactually, says he has never “seen any evidence of human review” by Google review. That suggests at least some app developers didn’t go through the manual review process. Or it could mean the review process is not consistent or uniform.
  2. The kind of entities that get access to your Gmail messages varies. It could be a sole founder-promoter-designer one-man army startup. Or it could be a seriously large corporate. The problem? Their practices in protecting the data they get access to naturally varies. Which means not all your data you exposed is necessarily safe.
  3. Companies like ReturnPath are expected to strip out personal emails and keep reading only commercial emails. Its algorithm erred. As a result, a lot of personal emails were labelled commercial. And they were read.

Infographic on Google third-party app review process

Here’s small infographic telling you what’s wrong with the Google third-party app review process we discussed above.

Is-Google-app-review-process-faulty

Why not connect with us over Facebook?

Or how about following us over Twitter?