Users need to give explicit consent to applications or services, and if that happens through a token-based system that Google uses for this kind of authorization, it does happen without users having to supply their username or password to these companies.
They were then able to read and scan private emails to target adverts. It is said to have allowed its employees access to "thousands" of user emails to help develop the app's Smart Reply feature. Some allow people to write emails in special fonts, or to make it easier to find images to send to others, while others make it easier for people to organise their emails into folders.
Google, a unit of Alphabet Inc., says it provides data only to outside developers it has vetted and to whom users have explicitly granted permission to access email.
One company told the Wall Street Journal that the practice was "common" and a "dirty secret".
'Jordan, Open the Border': Syrians Chant as Thousands Stuck at Jordanian Border
Jordanian soldiers reportedly on Saturday shot at Syrian refugees who tried to cross the border. Warfare in the southwest could risk a further escalation because of its proximity to Israel .
"Nevertheless, privacy advocates and many tech industry executives say opening access to email data risks similar leaks", the report said.
The opt-in notification users receive. While the WSJ found no evidence that these companies misused the data they collected, it's still a blow to user confidence, especially as companies like Google and Facebook keep saying that they're protecting your data. In turn, some developers say they're not aware of any oversight from Google. Many of these developers simply want to offer a new email app, help you sift through your emails, or do something else you can't achieve through Gmail's core experience.
It's interesting to note that, judging from The Journal's story, very little indicates that Google is doing anything different from Microsoft or other top email providers.
It said Gmail users could visit the Security Check-up page to see which apps they had linked to their account, and revoke any they no longer wanted to share data with.
The companies said they didn't ask users about reading their emails because such language is "covered" by their user agreements.