Gmail WARNING: App developers are READING your private messages

Your private emails are being read by third-party Gmail app developers, an investigation into data privacy has revealed. 

Developers behind a number of popular online services designed to work with Gmail trawl through private messages sent and received from your email address, it claims.

It is common practice for some of these third-party app creators to instruct employees to read personal emails. 

One app, which is designed to help users manage their Gmail inbox, lets employees read ‘thousands’ of emails, the Wall Street Journal investigation revealed.

According to experts, this ‘dirty secret’ is now common practice among some firms.

Third-party developers are reading people’s private Gmail messages, according to an investigation (stock image)

According to the investigation into Gmail, the hugely successful Google email client allows third-party developers to scan the inbox of anyone who installs their app.

These apps can provide additional functionality to the Gmail inbox, like the ability to compare prices from different online retailers, or quickly unsubscribe from any marketing emails sent to your address. 

The Wall Street Journal report was based on the testimonies of more than two dozen employees of companies who create services around Gmail – the most popular email service in the world, with 1.2 active monthly users.

One company involved in this practice is New York-based firm Return Path, which helps marketers drive revenue through email.

It has scanned the inbox of two million people, the report revealed.

Last year, Return Path employees trawled through 8,000 personal emails as part of an effort to train the company’s software, according to anonymous sources.

Employees at Mountain View-based Edison Software also reviewed the emails of hundreds of thousands of users while building a new feature for their mobile app, which is designed to help people organise their emails.

Neither company asked users for permission to read their messages, but both say the practice is covered by user agreements.

‘Some people might consider that to be a dirty secret,’ Thede Loder, the former technology officer at eDataSource, which provides competitive intelligence for email marketing, told the Wall Street Journal.

However, he said this type of behaviour was now ‘common practice’.

Both Return Path and Edison have defended their actions.

‘The article mentions a specific incident at Return Path where approximately 8,000 emails were manually reviewed for classification’, wrote Matt Blumberg, founder of Return Path, in a blog post.

‘As anyone who knows anything about software knows, humans program software – artificial intelligence comes directly from human intelligence.

Last year Return Path employees read 8,000 emails while helping train the company's software, according to anonymous inside sources (stock image)

‘Any time our engineers or data scientists personally review emails in our panel (which again, is completely consistent with our policies), we take great care to limit who has access to the data’, he said.

Mr Blumberg said all data is destroyed after work on a new feature is completed.

Similarly, Mikael Berner, CEO of Edison, defended his company’s actions, but added that the practice has since been stopped.

He said the company had ‘expunged all such data in order to stay consistent with our company’s commitment to achieving the highest standards possible for ensuring privacy,’ according to Cnet.

‘Our email app was mentioned in the context of our engineers having in the past the ability to read a small random sample of de-identified messages for R&D purposes.

‘This method was used to guide us in developing our Smart Reply functionality which was developed some time ago,’ he said.

The question of data privacy has been an increasingly important issue since Facebook’s Cambridge Analytica controversy.

The social network profited from a feature that allowed third-party apps to request permission to access your data, as well as data of all your Facebook friends.

This enabled developers to mine the private information of 87 million Facebook users, when only 270,000 people had used the service and granted permission. 

MailOnline has contacted Google for comment. 


A new spam attack is tricking a wave of Gmail users into thinking their account has been hacked. 

Numerous users have reported that their inboxes were flooded with spam emails titled things like ‘growth supplements’. 

However, in a bizarre twist, the ads appeared to have been sent from their own accounts.

The easiest way to check if you’ve been hit by the scam is to check your ‘sent’ folder. 

Spammers figured out a way to bypass Gmail's spam filters by using forged headers that make it look like Gmail users' own email addresses

From there, check if any emails are listed as being sent by ‘via’. 

If you find any, be sure to mark them as ‘spam’ so that they appear in the designated folder. 

You can also report an email as a phishing scam by clicking on the dropdown menu, marked by an arrow, in the right-hand corner.

Clicking this will give you the option to report an email as a phishing attempt. 

Google said that the latest spamming attack hasn’t compromised any user accounts, so there’s no reason to believe your Gmail has been hacked.