Man working at a table with lens flare

ElectroSawHQ/Flickr (CC-BY)

Third-party Gmail apps were letting employees read your emails

Is this legal?


Christina Bonnington


Published Jul 3, 2018   Updated May 21, 2021, 11:59 am CDT

You’ve likely come across it before: an app that requires access to your Gmail account in order to function. There are numerous apps that do this in order to provide you with a service, such as managing your upcoming travel reservations or helping you achieve inbox zero. For most of these apps, your emails are only analyzed by their algorithms—no human actually sets eyes on your messages.

However, in an effort to build a better product, some third-party Gmail apps were allowing company employees to read user emails.

The Wall Street Journal reports that two apps, Return Path and Edison Software, have read user emails in the past. Return Path is a service that analyzes your inbox and gathers data for marketers. Two years ago, its employees read approximately 8,000 user emails as part of the company’s process to develop its software. Edison Software, meanwhile, is the maker of an email management app called Edison Mail. It read user emails—thousands of them—to help inform the app’s “Smart Reply” feature.

According to both apps, this behavior was covered in their user agreements. However, while users likely expected the apps to send, delete, read, or otherwise manage their email, they likely did not expect human eyes to be a part of that process.

These apps have since defended their policies.

“Any time our engineers or data scientists personally review emails in our panel (which again, is completely consistent with our policies), we take great care to limit who has access to the data, supervise all access to the data,” Return Path explained in a message on its website shared in response to the Wall Street Journal‘s report.

In a statement, Edison Software CEO Mikael Berner said that in the past, its engineers “read a small random sample of de-identified messages for R&D purposes.” The company has since stopped doing this and has also deleted any related data in order to remain consistent with its privacy policies.

Based on Google’s policies and these apps’ user agreements, it appears that in these cases the apps were within their rights to let employees read actual user emails. While it’s an ethically iffy situation, these companies assert that high privacy standards were maintained—customer information was used, perhaps in an unexpected way, but not necessarily abused.

These revelations are a good reminder that when you grant an app access to something like your Gmail account, without a detailed reading of their user agreement you can’t really know how that information may be used (and even then, it could be open to interpretation). If you have qualms about sharing your data with an app, don’t.


Share this article
*First Published: Jul 3, 2018, 12:48 pm CDT