Users need to give explicit consent to applications or services, and if that happens through a token-based system that Google uses for this kind of authorization, it does happen without users having to supply their username or password to these companies.
They were then able to read and scan private emails to target adverts. It is said to have allowed its employees access to "thousands" of user emails to help develop the app's Smart Reply feature. Some allow people to write emails in special fonts, or to make it easier to find images to send to others, while others make it easier for people to organise their emails into folders.
Google, a unit of Alphabet Inc., says it provides data only to outside developers it has vetted and to whom users have explicitly granted permission to access email.
One company told the Wall Street Journal that the practice was "common" and a "dirty secret".
Gov. Kasich orders flags flown at half-staff today
Moylan, to your unexpected legacy: YOU should have died", he wrote. "We probably had the reactions that Ramos wanted us to have". Ramos' legal action against the newspaper was unsuccessful, Marquardt said, and the suspect exhausted all his appeals by 2014.
"Nevertheless, privacy advocates and many tech industry executives say opening access to email data risks similar leaks", the report said.
The opt-in notification users receive. While the WSJ found no evidence that these companies misused the data they collected, it's still a blow to user confidence, especially as companies like Google and Facebook keep saying that they're protecting your data. In turn, some developers say they're not aware of any oversight from Google. Many of these developers simply want to offer a new email app, help you sift through your emails, or do something else you can't achieve through Gmail's core experience.
It's interesting to note that, judging from The Journal's story, very little indicates that Google is doing anything different from Microsoft or other top email providers.
It said Gmail users could visit the Security Check-up page to see which apps they had linked to their account, and revoke any they no longer wanted to share data with.
The companies said they didn't ask users about reading their emails because such language is "covered" by their user agreements.