Gmail app developers' employees might be reading your email
The app makers defend the practice, but also say they've since stopped it.
Google headquarters in Mountain View, California.
Third-party app developers can build services that work with Google's Gmail, for doing things like helping you find a good shopping deal or manage travel. Some of those developers can read private emails -- and have let their employees read them -- according to a report Monday by The Wall Street Journal.
Specifically, the Journal's report mentioned two apps. One of them is Return Path, an app that analyzes users' inboxes and collects data for marketers, according to the Journal. The newspaper said Return Path employees read about 8,000 user emails two years ago to help develop the company's software.
The other, called Edison Software, which helps users manage their email, reportedly let its employees read "thousands" of emails to help the app train its "Smart Reply" feature.
In the software developer industry, it may not be shocking that app makers had access to this kind of data. Both apps said they got consent from users and that the practice was covered in their user agreements. Google also asks users for specific permissions when it comes to third-party app integrations. For example, a typical pop-up box after downloading an app might ask for your consent for the app to "Read, send, delete and manage your email."
But the news that third-party developers -- and especially their employees -- could read people's emails may come as a surprise to people who didn't quite understand what they were signing up for or the extent that human eyes would be involved.
Last year, Google said it would stop scanning user emails for data to help marketers target ads at users. But the question of data privacy from third-party app developers has been a hot button topic since Facebook's Cambridge Analytica controversy. In March, Facebook disclosed that Cambridge Analytica, a digital consultancy that had ties to the Trump presidential campaign, improperly accessed personal information on up to 87 million of the social network's users.
Google would not comment on the record when asked about its relationship with third-party developers. But the company says it strictly vets outside developers that want access to Gmail data. That includes making sure the company represents itself accurately and that it has a privacy policy in place.
Both Return Path and Edison defended letting their employees see user emails.
"As anyone who knows anything about software knows, humans program software – artificial intelligence comes directly from human intelligence," Return Path said in a blog post on its website. "Any time our engineers or data scientists personally review emails in our panel (which again, is completely consistent with our policies), we take great care to limit who has access to the data, supervise all access to the data."
Edison also defended its actions, and said it has stopped the practice.
"Our email app was mentioned in the context of our engineers having in the past the ability to read a small random sample of de-identified messages for R&D purposes. This method was used to guide us in developing our Smart Reply functionality which was developed some time ago," CEO Mikael Berner said in a statement. "We have since stopped this practice and expunged all such data in order to stay consistent with our company's commitment to achieving the highest standards possible for ensuring privacy."
The Smartest Stuff: Innovators are thinking up new ways to make you, and the things around you, smarter.
Special Reports: CNET's in-depth features in one place.