A Gmail mobile app, center left, is seen on a smartphone in Beijing, China, Dec. 29, 2014. THE ASSOCIATED PRESS/Andy Wong
Amid news Google has been giving third-party apps access to the data of millions of its email users, a cyber security expert in Toronto says it’s time for consumers to demand safeguards.
A Wall Street Journal report found the tech giant has been letting outside software developers scan Gmail inboxes, read messages and send and delete messages on the user’s behalf.
The apps do need consent, but the terms of that consent are not clear, the article says. Users don’t know, for example, that actual human beings who work for the app developers — not just computers — can and do scan their emails.
“Not anther day passes where I think people get shocked by how much of their personal information is out there,” says Cytelligence CEO Daniel Tobok.
“We have gotten used to this fable, this imagination, that we are fully protected on our devices and our Gmail. That’s not right. That’s a false sense of security.”
Tobok says when Google, Apple and the like are vetting apps, they focus on the quality of the app and whether the company can fix defects. They do ask about what information the app retains, but that part is not always validated.
“The companies are not doing their full due diligence before giving people permission to sell stuff on the App Store (for example),” he says.
“You’re under the assumption that this is a brand name and your information will be protected. That’s unfortunately not the case.”
And although the spotlight is on Google, Tobok says it’s not the only company that is negligent with consumer data.
“I don’t think they’re doing anything different,” he says. “They’re all playing the same game. They’re not any different than any other big social platform. They’re just the biggest, so they have the most information.”
Tobok says consumers have to demand that their data is not shared with anybody. Companies must notify users of any changes to their privacy policies and confirm users received the communication.
“If they’re not able to provide us their assurance with our data, they will find themselves extinct,” he says.
Although Tobok has suggestions for protecting personal information on Gmail and other email services, he says there are always risks with companies that make their money by selling data.
“I’m like the party pooper here,” he says. “My only advice is be aware if something is over email and it’s a free account — especially like Gmail — somebody potentially can have access to it.”
How free email services can improve data privacy
- “Consumers must put their foot down and demand — not ask; demand — clarity on how their data is stored or viewed or accessed by any third party,” Tobok says.
- Gmail must be forced to change its policies, give consumers the opportunity to say yay or nay, or give less access to third parties.
- Companies must put pressure on developers to change their habits or policies on the data they access.
How to protect your privacy
- Be sensitive with what information you share.
- Sign up for paid corporate accounts.
- Set up an email attached to your own domain.