Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity

    How User Permissions Enable Developers to Read Your Company’s Email

    Written by

    Wayne Rash
    Published July 3, 2018
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      To some, an article in the Wall Street Journal about “Tech’s Dirty Secret” was a revelation. How is it that Google could allow developers from hundreds of companies to spend their days “sifting” though your email messages? The answer, it seems, is a lot more complicated that the article suggested. 

      Here’s what’s actually happening. Google, like some other big email providers, is trying to promote Gmail as an application platform, not just a mail service. But for it to be a platform (whatever that means) it has to have apps. For Gmail to have apps, they need to provide a useful service, and for those apps to turn something as mundane as email into something more, they need to know what’s in those messages. 

      A few years ago, Google faced intense criticism for allowing its advertising engine to scan users email to develop targeted ads. The company was eventually forced to stop that practice. So now, as a way to indirectly monetize its users’ email, it allows third-party developers to have access to subscriber emails as part of the development process. The idea is that for these apps to work properly, someone needs to see what’s actually in the email they’re filtering.

      Some of the apps that developers are creating are simply to give users an option for handling email besides using Google’s web interface. A good example of such an email app is Microsoft’s Outlook, which can see what’s in your Gmail inbox and display it in the mail client. 

      Others include apps that handle your calendar by spotting email messages with meeting times or they handle your contacts by finding them in emails and using those to manage your contacts list. These apps work in the personal version of Gmail as well as in G Suite, which is Google’s business productivity application suite. 

      Even if you don’t use Gmail, you’re almost certainly familiar with emails that offer meeting times or with emails from colleagues that tell you their travel schedule or include contact information for you to save. 

      As Google has pointed out in a number of ways, the only way that these apps can scan your email messages is for you to give permission and for you to have provided the information necessary to enable the access. This usually happens when you run an app that needs access to Gmail and it requests permission. It’s likely that you’ve seen these requests and simply clicked on “OK” without thinking about it much because you needed the app to do whatever it was that you wanted. 

      This access takes place using Open Authentication, otherwise known as Oauth. It’s a means of secure communications between applications. Using Oauth, users don’t need to divulge their login credentials to third parties. Google (and others that allow the use of Oauth) require a verification process to allow access. 

      In the case of G Suite accounts, the mail administrator has the ability to control whether users can allow random apps to access their company email accounts. To accomplish this, Google provides a means of allowing administrators to limit which mail APIs are available to users, and thus, which external apps can access Gmail or Google Drive. These limits can apply to most things in the Google Cloud, including Gmail and Drive, but also Calendar and Google Cloud Platform services. 

      For individual users, there’s also a Security Checkup that’s recently been enhanced. With Security Checkup, you can see what apps have access to your Google services, and Google may flag those that are questionable. Note that Google may consider anything that’s not theirs to be questionable. For example, when I ran the Security Checkup, it flagged Microsoft Outlook and offered to remove access. 

      So does this mean that the Wall Street Journal is wrong? Not exactly. But it’s likely to raise alarms for things that aren’t security problems. Just because an app may have access to your email that doesn’t mean that the employees of software development companies are sitting around reading your emails and joking about your inane conversations. 

      While it is certainly possible for an employee of the company developing an email client to see some of your email, Google requires that those developers adhere to specific policies regarding your privacy and the security of your company’s information. Developers that don’t follow Google’s requirements can have their access to Google’s API services revoked, which effectively puts them out of business. 

      Google is at least as stringent about protecting user privacy and in protecting your organization’s confidential information as other platform vendors. In the case of your business access through G Suite, most of the control lies in the hands of your system administrator and one has to presume that you’ve chosen well when you hired that person. 

      None of this ensures that some rogue employee or organization won’t misuse sensitive data from someone’s Gmail account just as it doesn’t mean that a disgruntled administrator won’t disclose your cloud passwords on Facebook. But it appears that Google is being responsible about how it handles private and sensitive information, and right now that’s about all you can ask for. 

      But unlike Facebook, Google isn’t letting people run phony games that expose their data and that of their friends to political operatives for data mining.

      Wayne Rash
      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a content writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.