After Gmail controversy: How to revoke app access to your Google account

July 9, 2018By Bjoern Greif

If you grant a third-party app access to Gmail, you must expect the developer’s staff to read your private messages. Check access rights now!

Earlier this week an article in the Wall Street Journal recalled a long-known problem and raised concern: Developers of third-party apps can read the emails of millions of Gmail users. What experts call “common practice” is called a “dirty secret” by the newspaper because not all users are aware of this fact.

According to the WSJ, Google does little to police those app developers whose machines and, in some cases, employees sift through “hundreds of millions of emails of users”. The report says:

One of those companies is Return Path Inc., which collects data for marketers by scanning the inboxes of more than two million people who have signed up for one of the free apps in Return Path’s partner network using a Gmail, Microsoft Corp. or Yahoo email address. Computers normally do the scanning, analyzing about 100 million emails a day. At one point about two years ago, Return Path employees read about 8,000 unredacted emails to help train the company’s software, people familiar with the episode say.

And that is just one example the WSJ gives. There is no indication that developers of Gmail add-ons have misused data of users, the newspaper states. However, opening access to email data (including message content, subject and various metadata) is risky in general.

 

Google plays down the issue

To defend itself and to reassure its users, Google writes in a blog post that it only reads emails in “very specific cases”, for example to investigate a bug or abuse, and only if the person concerned consents. “We continuously work to vet developers and their apps that integrate with Gmail,” Google says. According to the internet giant, users always have control over which apps can access their Google and Gmail accounts since third-party apps require the user’s consent to access accounts.

However, probably not every user pays attention to what permissions he grants which app. And some people may have simply forgotten that they allowed an app to access their email account at some point. Fortunately, you can revoke third-party app access to your Google account. Here’s what to do:

  1. Open the page myaccount.google.com in your browser.
  2. Sign in with your Google account.
  3. Click on “Apps with account access” in the “Sign-in & security” section.
  4. Under “Apps with account access” select “Manage apps“. (Alternatively, you can directly follow this link and then sign in with your Google account.)
  5. On the “Apps with access to your account” screen you can now view which apps have access to what parts of your account and remove access.
In general, it’s a good idea to check the list of apps that have access to your Google account regularly and to remove any that you no longer use. Ideally, before using an app or extension, you carefully consider what access rights you want to grant them.