As of last year, Google pledged to stop collecting data from Gmail user’s inboxes to fuel targeted advertisements. However, this does not apply for the third-party developers that create apps and extensions for Gmail.
Google claims that all third-party app developers and companies are examined before granting them access to the Gmail service, and that swift action is taken in any instances of poor or unclear practice from the developer. However, third-party application developers are still abusing Google’s ambiguous permission descriptions, allowing them full access to your Gmail account. Depending on what permissions you may have given to an application, it may be able to access a variety of information from your Gmail inboxes such as email addresses, timestamps, and even the content of the email.
So, what can you do to ensure third-party applications are not stealing your data?
Look at any third-party applications you have installed that require access to your Gmail account and identify if the permissions are unnecessary or the application itself appears to be untrustworthy. Based on your findings, you should proceed to remove these application or revoke their access if you deem them to be suspicious.
To find this information, follow these steps:
- Navigate to the “Google Account” page after signing into your Google account;
- Select “Apps with account access” under “Sign-in & Security”
- Select “Manage Apps”
- Here you will see a list of your applications and their corresponding access to your device. The ones we are interested in have “Has access to Gmail” next to them.
Our advice is to be more stringent when granting permissions on newly installed applications, especially if they look suspicious. Take the time to read the permissions and think about why that applications might need this level of access.