The My Sisters Friend (2019)terms of service we hurriedly agreed to keep coming back to haunt us.
Last Thursday, the Wall Street Journalreported that Google confirmed previous reports about the far-reaching access third-party apps can have to Gmail users' accounts and personal emails.
When you download an app, it might request access to your Gmail account. But what you might not realize when you grant access is that these apps may analyze your Gmail data — including the content of your emails — for their product, and potentially for targeting ads. Apps are also allowed to share your information with third parties, as long as Google determines that it adequately discloses that to users. The Journalpreviously reported that "hundreds" of apps can scan the email of "millions" of users.
Google says it reviews apps to make sure they are clearly communicating what they have access to. But unless Gmail users are diligent, security experts that Mashable spoke with say the policy potentially exposes people in ways they may have not consented to or understood.
SEE ALSO: Facebook isn't the only one with too much of your data. Just ask Google and Amazon.Several experts said that app developers' access to user data is more than just potentially creepy or invasive, though. Giving an app access to your Gmail can expose receivedemails as well as sent emails. So, because the policy could expose both your and your friends' data, app access to Gmail could create a security risk similar to the mechanism that allowed for Facebook's Cambridge Analytica scandal.
In that instance, a researcher used a third-party app, downloaded by 270,000 people, to gather data on all 87 million Facebook users in their friend networks, and then sold the data to a company (Cambridge Analytica) that used it to engage in political advertising. So, similarly, if you happen to send an email to a Gmail user who has given an app permission to read their emails, not only can that app see your correspondence and information — but a further removed third party can also see your emails, without you having ever given consent to either party.
"I do not see what is to prevent this type of access to be abused and misused in a similar way to Cambridge Analytica," Brian Honan, a cybersecurity consultant for major banking companies who used to work with Europol, said. "Third-party apps with access to peoples’ accounts can expose a lot of personal data about those persons which could be used to target subsequent adverts or messages to them."
In a letter, Google reportedly told Congress that when Gmail users grant apps access to their accounts, they may — perhaps inadvertently, if they do not read the terms closely enough — allow these apps to harvest their personal information. Apps can then use what people talk about in their emails, along with demographic and other information, to target their advertising. Google lays out the policy here.
Further, under Gmail's rules, developers are then allowed to share Gmail users' data with still other external parties. Google says that it vets the apps, and allows this data sharing as long as it determines that the developers are adequately disclosing the activity.
Gmail itself ended the practice of using the content of people's emails for ad targeting in July 2017. But it has apparently kept the ability in place for outside parties — so long as users "consent."
Original image has been replaced. Credit: Mashable Experts say this portion of Gmail's app developer policy is concerning for several reasons, on the fronts of both security and privacy.
"Without technical controls built in, app vendors are going to get to wherever they can within the platform, and within user accounts," Rebecca Herold, a top information security expert and consultant to multi-national corporations, who is also known as "The Privacy Professor," said. "That’s what the apps are designed to do, to gather data. These companies need to build a more rigorous set of controls to prevent that from happening."
The most straightforward problem with Gmail's policy is the security vulnerabilities it could open users up to.
"All of these third-parties have been vetted by Google, but the reality is that every company is vulnerable to data breaches," said Gary Davis, McAfee's chief consumer security evangelist. "The more an individual or company shares personal data, the greater the likelihood of that information falling into malicious hands."
"From a cybersecurity aspect, you don't know how well those third-party apps have been vetted by Google"
Google stresses that it carefully reviews apps and employs sophisticated malware-detecting filtering technology. And, if you're downloading an app from Google Play or the App Store, the chances of encountering a malicious app are low (though still possible). But people can and do download apps outside of these ecosystems.
In those cases, Google's data-collecting policy could allow for malicious apps to gain access to and undermine people's accounts — especially on Android. Herold noted that some of the app policies allow for apps to "inject information, edit, and upload" in your account, which could lead to malware sending spam emails on your behalf. And access to personal emails could enable bad actors to craft more convincing and targeted phishing emails.
"Google claims to have processes and systems in place to identify and remove malicious apps from its store, but despite these measures, malicious apps still are found regularly in the store," Honan said.
"From a cybersecurity aspect, you don’t know how well those third-party apps have been vetted by Google," said Herold.
While malicious apps may pose a security risk, legitimate apps that simply want to use your data for advertising may actually be the larger issue.
Currently, the technology industry is undergoing a shift in who bears the responsibility for securing a user's privacy. Up until this point, the onus to protect one's privacy has been on users — which reflects Gmail's current policy with app developers.
But thanks to the General Data Protection Regulation (GDPR) in Europe, the practice of making people consent to giving away their data by burying consent in terms and conditions is coming under scrutiny. Gmail's own policy change about not parsing emails for the sake of advertising data reflects this sea change. And Google recently prompted its users to more proactively review security settings.
But the company's stance toward apps that have access to email reflects an outdated, and vulnerable, approach to privacy.
"It seems like a lazy way for them to address this," Herold said. "They're trying to push off responsibility to those who use Gmail instead of Google taking active steps to actually secure Gmail and limit what third-party apps can actually do."
Currently, when people download an app, they may consent to giving that app access to their Gmail accounts — and inadvertently allow apps to read their emails, and provide their data to other companies. The way that people grant permission may be clear and forthright, especially if it takes place in a Google ecosystem. But the ways that people give consent vary from device to device, and from app to app. That means that Gmail is technically covered, from a legal standpoint. But hasty app-downloaders who rush through permissions might not be.
SEE ALSO: Google Search gets a slew of new features on its 20th anniversaryCurrently, Gmail users can review and revoke access to apps at myaccount.google.com. But McAfee's Davis says that Google should make it easier for users to control who has access to their data within Gmail.
"The most significant part of this really boils down to individual preference," Davis said. "In our busy lives many people value the ability to have ads served up that align with their individual needs. However, there are also many people who feel this is a breach of their privacy. Allowing Gmail users to opt in or out in a more visible way could help support the needs of consumers from both ends of the spectrum."
What made Cambridge Analytica such a large-scale disaster was the ripple effect. Only about 270,000 people downloaded the app. But those people gave researcher Aleksandr Kogan access to data about all of their Facebook friends, which means he ultimately had data on 87 million people.
Similarly, apps that have received permission to access a person's inbox see their wholeinbox — not just the emails written by the one person who gave consent for access. That means these apps could have access to the emails and contact information of whoever an individual corresponds with. They might not get access to all the profile data, as with Cambridge Analytica, but they would still be able to learn people's names, emails, and other personal information.
This Tweet is currently unavailable. It might be loading or has been removed.
Herold thinks that building in specific controls to safeguard people's informations should fall to Gmail, rather than just relegating privacy policy to dense legal agreements.
"Internet companies need to have preventive security controls built into their platform so they can block access to specific areas of their users accounts," Herold said. "Facebook didn’t do that. Their contract left their infrastructure wide open, and it sounds like Google’s doing that too."
And with Cambridge Analytica, Kogan was technically not allowed to share his data with additional parties. But with Gmail, this is acceptable — as long as apps disclose what they're doing.
"The biggest distinction is transparency," Davis said. "Gmail developers are required to be transparent with how they use Gmail data, whereas the issue with the Cambridge Analytica scandal was a lack of understanding of who had access to what data."
That monitoring and transparency process should protect Gmail users. But only if they have actually taken the time to read what they've consented to.
And, as long as nothing goes wrong.
"The problem with depending on contractual requirements is that they’re not information security controls in and of themselves," Herold said. "From a privacy standpoint, you have no idea what those apps might be accessing, taking, and using elsewhere. The unknown is the biggest risk."
Topics Cybersecurity Google Privacy
Best Sony deal: Save $100 on WH
Xbox is building a new console with AMD chips, due in 2027
The Price is Wrong: This is What GPUs Should Have Cost
Popyrin vs. Draper 2025 livestream: Watch Queens Tennis for free
TikTok wants me to host a dinner party. Is that an actual recession indicator?
Bigger Than Godzilla: Why Are Games Using So Many Gigabytes?
A Games List of Only Amazing Hidden Indie Gems and Snubs
Scientists spotted a giant comet spewing gas 2 billion miles from sun
Amazon Fire TV Stick 4K deal: Get 40% off
Xbox is building a new console with AMD chips, due in 2027
The strangeness of Japan's decision to start openly hunting whales
Klarna launches integrated mobile phone plan to its app
Is Upscaling Useful at Lower Resolutions? Nvidia DLSS vs Native at 1080p
Best CPU Deals, AMD vs Intel: Holiday CPU Buying Guide
Best Kindle Unlimited deal: Get 3 months of Kindle Unlimited for 99 cents
Best coffee machine deal: Save over $200 on Philips 4400 Espresso Machine
The OLED Burn
How to use a Visa gift card on Amazon for Prime Day
Parental Controls: How to Lock Down Your Kids' iOS Devices
Nvidia GeForce Now Ultimate vs. Your Own RTX GPU
New Zealand politician's 2013 sameGarrison Keillor fired from Minnesota Public Radio over allegations of inappropriate behaviorHow to watch the 2021 NBA playoffs without cableFake Roy Moore accuser tries to trick the Washington Post and fails spectacularlyDomino's is launching a baby registry, just like you always asked forThis pic of the White House decked out for Christmas looks like hell on EarthChromebooks are beating Macs, but which Chromebook's for you?Cool dog doesn't want you to know how much it loves that damn trampolineTeen punk band's new song about 'Racist, Sexist Boy' band goes viralIf Trump doubts the 'Access Hollywood' tape, maybe Billy Bush can helpNintendo's gonna teach kids on Switch how to make games'Cruella' is a bad prequel but a pretty good movie: ReviewFord, not Tesla, is making the electric truck that will change the EV industry'Town crier' who announced Prince Harry's engagement to Meghan Markle is 100% fakeCaution advised for LGBTQ soccer fans attending Russia's World CupApple CEO Tim Cook gets lightly roasted by judge in 'Fortnite' trialOutlander recap: Episode 11 serves up turtle soup and a reminder about consentChina's Zhurong Mars rover sends back first images of the red planetAOC encourages Latinos to seek mental health for postSimone Biles landed a never WeWork's other toxicity problem: formaldehyde Bruised and battered, Libra trudges on Blue Ivy Carter wore a perfect tiny pink suit at the Grammys Harvard Book Store trolls the Trump administration with its new section Donald Trump's inauguration poster has an embarrassing typo Internet freaks out again over 'BlondYe' aka blonde Kanye West Wow, this gang of squirrel monkey babies is very adorable 26 things that take longer than Eliud Kipchoge's two 'Breaking Bad' stars honor the late Robert Forster in moving tributes 'Shooting Stars' meme blends epic fails with one electro track and it's taking over Laverne Cox steps up at Grammys to highlight upcoming trans rights case Disney's back catalog is coming to Disney+. Here are all the titles. Coinbase CEO calls Libra scrutiny 'un What Google revealed at its big event: Pixel 4, Nest Mini, and more Shia LaBeouf's anti Lego's new program helps you donate your old bricks to kids in need Elon Musk describes Tesla pickup as 'armored personnel carrier from the future' Irish man hilariously pranks his family at his own funeral #FacebookLockout: Facebook users report being locked out for reporting scammers and fake accounts Unsurprisingly, TV streaming devices are collecting data, too
2.4417s , 10180.7421875 kb
Copyright © 2025 Powered by 【My Sisters Friend (2019)】,Charm Information Network