Third-party app developers can read some users’ Gmail messages, Google has confirmed, following concerns over privacy.

Questions have been raised by reports in the US about the level of data that can be accessed and how aware people are that they are agreeing to share private emails.

In response, Google has reminded users that whenever someone adds an app to their account they must explicitly provide developers with permission to their data.

Permissions including “view your email messages when the add-on is running” must be agreed to before anyone can begin using the apps.

Google’s API services policy states that any third-party must provide “clear and accurate information explaining the types of data being requested”.

The policy also says there should be “no surprises for Google users” and warns that hidden features or services could lead to access being withdrawn.

“You are strictly prohibited from engaging in any activity that may deceive users or Google about your use of Google API Services,” the company wrote.


“Your use of Google user data must be limited to the practices explicitly disclosed in your published privacy policy, but you should consider the use of additional in-product notifications to ensure that users understand how your application will handle user data.”

Google already operates a Security Checkup tool which shows users exactly what permission they are giving third-party developers and the ability to instantly remove any.

Cyber security expert Evgeny Chereshnev, from Biolink.Tech, said more awareness was needed around cyber security and privacy.

“This type of access is going to continue, and people need to be aware that every time they connect to, or install, a third-party application on their mobile device, they are giving rights to those applications – often without even thinking about it,” he said.

Gmail, which first launched in 2004, is the most popular email service in the world with 1.4 billion users worldwide. Google add-ons launched on the service in October 2017.