Centre for Internet & Society

Recently, Google admitted to giving hundreds of firms access to users’ Gmail inboxes. It also revealed that many apps are able to scan and share data from email inboxes. However, Google explained that it vets third parties that are given access, and permission should be given by the user.

The article by Surupasree Sarmmah was published in Deccan Herald on October 4, 2018.

Metrolife asks Gmail users if they were aware of giving permission to third-party apps and talks to an expert to see if access to emails can make a user vulnerable to blackmail, loss of individual liberty and compromise on one’s safety.

Vinod Singha, finance lead, IDP Events, says, “It is shocking that a third party is given access to a user’s Facebook and Gmail data. These third-party apps will put the user’s name on a target group to sell products and services, without the person’s knowledge. It’s high time we, as users, become aware of both advantages and disadvantages of online data sharing.”

Pallavi Shivakumar, assistant professor, says, “There should be more transparency and accountability from these app developers. There might not be any violation from their end but this is definitely a case of infiltration. I also feel that people need to be more aware of the footprint they are leaving behind.”

Aayush Rathi, policy officer, Centre for Internet and Society, says that the Cambridge Analytica scandal is an example of misuse of access to data granted to third parties.

He elaborates, “Google mandates every user to give consent to a third-party app before the app can access their information. A screen asking your permission to let the app access to your inbox pops up. While you may willingly click on that, the ripple effects will create problems — people you send emails to and who you receive emails from may also be impacted. Further, while as a user I may consent to a third party getting access to my inbox, what we may not be able to control is their sharing of our data with a fourth party.”

He adds that technically, Google is in the clear because unless an app gets consent from the user, it can’t access your inbox. The apps are also vetted by Google to see if they are in consonance with privacy standards; this is even before they are permitted to take permission from a user. “From a security point of view, Google claims to have high-end malware detection systems in place. Apps within the play store ecosystem can be vetted by Google but there are applications outside the ecosystem that can be used too. One of the central questions then becomes the degree to which we want Google to close down its API while maintaining data portability and interoperability considerations,” Aayush told Metrolife.

What can a user do?

  • Do your own vetting before giving access to a third-party app.
  • Regular review of the third-party applications you have given access to through Google settings on Gmail. email ID Google Google Account

Filed under: