From The Verge: Google has published a new blog post in response to a story from The Wall Street Journal yesterday that detailed how common it is for third-party app developers to be able to read and analyze the contents of a user’s Gmail message. While not offering any substantially new insights into the industry practice, now understood to be quite widespread, Google does outline measures a user and business organization using G Suite can do to protect their privacy and security. The company also reiterates its commitment to vetting those third-party apps and services that have access to sensitive Gmail data.
“A vibrant ecosystem of non-Google apps gives you choice and helps you get the most out of your email,” reads the company’s blog post, written by Suzanne Frey, the director of the company’s Security, Trust, & Privacy division of Google Cloud. “However, before a published, non-Google app can access your Gmail messages, it goes through a multi-step review process that includes automated and manual review of the developer, assessment of the app’s privacy policy and homepage to ensure it is a legitimate app, and in-app testing to ensure the app works as it says it does.”
Frey offers a few tips to ensuring your data is in the hands of trusted sources. Those include reviewing the permissions screen before giving access to a non-Google app and using the company’s Security Checkup tool to check what devices have logged into your account, which third-party apps have access to your Gmail, and what permissions those apps have. She also says Google’s review process is designed to ensure companies and individuals do not misrepresent themselves and only request data relevant to the function they’re providing.
While the WSJ story did not unearth any wrongdoing from third-party apps or services using Gmail, it did shine a light on a previously discreet industry practice now under heavier scrutiny in the aftermath of Facebook’s Cambridge Analytica data privacy scandal. Facebook gave generous user data access to third-party app developers for years, which created a situation in which tens of millions of people had their personal information packaged and sold to a data mining firm without proper consent. Google is now in the position of having to more actively defend its own data management and user privacy practices, mainly to convince users and businesses that, unlike Facebook, Google is in fact a responsible steward of sensitive user data.
View: Article @ Source Site
