Yes, Google developers can read your company's email



[ad_1]

For some, a Wall Street Journal article on "Tech's Dirty Secret" was a revelation. How could Google allow developers from hundreds of companies to spend their days "sifting through" your messages? The answer, it seems, is much more complicated than the article has suggested.

This is what is really happening. Google, like other major email providers, is trying to promote Gmail as an application platform, not just as an email service. But for this to be a platform (no matter what it means), it must have applications. In order for Gmail to have applications, they have to provide a useful service, and for these applications to turn something as mundane as email into something more, they need to know what it's all about. are in these messages.

A few years ago, Google was strongly criticized for allowing its ad engine to scan users' emails to develop targeted ads. The company was finally forced to stop this practice. Thus, to monetize the e-mail of its users, it now allows third-party developers to access subscriber e-mails as part of the development process. The idea is that for these applications to work properly, someone needs to see what is actually in the email that they are filtering.

Some applications created by developers are simply intended to give users the ability to manage their emails. interface. A good example of such an email application is Microsoft Outlook, which can see what's in your Gmail inbox and view it in the email client.

Others include applications that manage your calendar by locating email messages with meeting times or they treat your contacts by finding them in emails and using them to manage your contact list. These apps work in the personal version of Gmail, as well as in G Suite, Google's suite of professional productivity applications.

Even if you do not use Gmail, you almost certainly know emails that offer meeting times or e-mails from colleagues that tell you their travel schedule or include contact information to back up.

As Google has pointed out in several ways, the only way that these applications can scan your emails is that you give permission and that you have provided the necessary information to allow access. This usually happens when you run an application that requires access to Gmail and that it requests authorization. It is likely that you saw these requests and that you simply clicked "OK" without thinking too much because you needed the application to do what you wanted.

This access is performed using open authentication, otherwise known as Oauth. It is a means of secure communication between applications. By using Oauth, users do not need to disclose their login information to third parties. Google (and others that allow the use of Oauth) require a verification process to allow access.

In the case of G Suite accounts, the messaging administrator has the ability to control whether users can allow random apps to access their company's email accounts. Google does this by allowing administrators to limit the email APIs available to users and, therefore, external apps that can access Gmail or Google Drive. These limits can apply to most elements of Google Cloud, including Gmail and Drive, but also Google Calendar and Google Cloud Platform services.

For individual users, there is also a recently improved security check. With Security Checkup, you can see which apps have access to your Google services, and Google can report which ones are questionable. Note that Google may consider anything that is not theirs to be debatable. For example, when I ran Security Checkup, it marked Microsoft Outlook and suggested that I remove access.

Does this mean that the Wall Street Journal is wrong? Not exactly. But it is likely to trigger alarms for things that are not security issues. It's not because an app can have access to your email that employees of software development companies are sitting reading your emails and joking about your inept conversations.

While it's certainly possible for a business employee to develop an email client to see some of your emails, Google requires that these developers adhere to specific rules regarding your privacy and the security of your company's information. Developers who do not meet Google's requirements may have their access to Google API services revoked, which prevents them from doing business.

Google is at least as strict about protecting the privacy of users and protecting your organization's confidential information as it does about other platform providers. In the case of your business access through G Suite, most of the control is in the hands of your system administrator and you must assume that you have chosen well when you hired that person.

None of this warrants that an employee or malicious organization does not abuse sensitive data in someone's Gmail account, as this does not mean that a disgruntled administrator will not disclose your cloud passwords on Facebook. But it seems that Google is responsible for the way it handles private and sensitive information, and that's about all you can ask for.

But unlike Facebook, Google does not let people run phony games that expose their data and those of their friends to political actors for data mining.

[ad_2]
Source link