Google has published a new blog post in response to news earlier this week that detailed how common it is for third-party app developers to be able to read and analyze the contents of a user’s Gmail message. While not offering any substantially new insights into the industry practice, now understood to be quite widespread, Google does outline measures a user and business organization using G Suite can do to protect their privacy and security.
Javvad Malik, Security Advocate at AlienVault:
“There has been no evidence to support the assertion whether or not a 3rd party has been able to, or actively attempted to read users Gmail messages. It does serve as a reminder that users of online services should be aware of which 3rd parties they are granting access to and for which purposes. Gmail, Twitter and Facebook in particular are widely used by 3rd party websites to authenticate or share information; and these often ask for varying degrees of permissions.
Users should regularly review which apps and third parties have access to their accounts and for which purposes, and revoke the ones not needed without delay.
Users can check which services have access by:
Enterprises should consider cloud-based monitoring and threat detection controls that can integrate with services such as Gmail or office 365 and can alert where any undesirable or suspicious activity occurs.”