Some Third-Party Email Apps Let Employees Read User Emails

Some third-party email providers that work with services like Gmail are letting their employees read customer emails to create new and optimized software tools, according to an article warning about third-party email apps and services published today by The Wall Street Journal.

Return Path, a service for email marketers that has 163 app partners, two years ago allowed its employees to read approximately 8,000 full customer emails to train the company's software.


Similarly, Edison Software, a company that makes the Edison Mail app for iOS, had employees read the emails of hundreds of users to craft a new "smart replies" feature.

According to The Wall Street Journal, neither company asked users for specific permission to read their emails, but have said the practice is covered in their user agreements. Employees who read the emails were governed by "strict protocols," and in Edison's case, user information was redacted.

Edison, Return Path, and other third-party email services also use computer scanning to analyze emails, a common practice. For its article, The Wall Street Journal interviewed over two dozen current and former employees from email and data companies.

Google no longer scans the inboxes of Gmail users itself as of last year for privacy reasons, but it continues to allow third-party software developers to do so. Other email services, like Yahoo and Microsoft, are similarly impacted, providing access with user consent.

Return Path, Edison, and other developers of apps that work with Gmail and similar email services don't appear to have misused customer information, but many customers are likely to be concerned about the fact that employees at some email companies are reading their emails. Many customers are also likely unaware they're consenting to such practices when signing up for a third-party email app.

In a written statement, Google said that it provides data to outside developers who have been vetted and who have been granted permission by users to access their email. Google says its own employees read emails only in "very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse."

As The Wall Street Journal points out, customers should be wary of email apps because Google does not have strong consumer protections in place when it comes to email. It's a simple process to build an app that connects to Gmail accounts, and with permission to access the Gmail inbox granted, a developer can see the entire contents of the inbox. It's not just large corporations that are able to get to this data - Google also gives permission to one-person startups, and data privacy protections can vary.

Customers concerned with how their emails are handled by third-party apps should stick with first-party apps such as Gmail or Inbox by Gmail for Gmail users and/or take a close look at the app's privacy policies and ask further questions about data usage.