Although Google has promised better privacy measures to its users, reports from Wall Street Journal suggest that thousands of application developers have access to Gmail users’ private messages.
These developers would receive messages from users who have subscribed to alerts as price comparisons for services or travel agency alerts, according to the media reports. What does not report the media that released this fact is whether Google has done actions to favor this practice or not. In addition, the media reports that employees who work for these software developers read private messages from Gmail users.
A year ago, Google promised to stop scanning Gmail users’ inbox, but the company has not done much to protect the input trays obtained by external software developers. According to pentest experts, Gmail users registered for ‘email-based services’ such as ‘purchase price comparisons’ and ‘automated travel itinerary planners’ are at the highest risk of surveillance.
According to pentest experts, hundreds of developers scan users’ inbox who subscribe to the services previously listed, which Google has declined to respond to.
The revelation comes at bad time for Google. The main technology companies are under pressure in the US and Europe to protect users’ privacy. The scrutiny follows the Cambridge Analytica scandal, in which a data company was accused of misusing the personal information of more than 80 million Facebook users in an attempt to influence the elections.
To work with Google, external developers must pass a research process and, as part of that, Google makes sure they have an acceptable privacy agreement. What is unclear is how much these external developers adhere to their agreements and what Google does to make sure they do so.
Pentest specialists consulted by the Wall Street Journal confirmed that the practice was specified in user agreements and said that they had implemented strict rules for employees operating e-mail.
According to the International Institute of Cyber Security, it is complicated that companies like Google can implement protection measures to the inbox of their e-mail services.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.