Gmail messages can be read by third parties

by Neil Larkins
Published on 9th Jul 2018

Recent reports have revealed that in some circumstances private emails sent and received via Gmail can be read by third-parties. This has come as a shock to many users, who assume that any emails they are send are private, and that their inboxes are secure.

When users connect their Gmail accounts to third-party apps and email management tools, they may be asked to grant specific permissions to these apps. Often this includes giving the app permission to “read, send, delete and manage your email.” While many would expect this to mean emails are processed by algorithms not humans, Google have since confirmed that there are situations where third-party app developers may have access to private emails.

The security implications are clear, especially when more and more users are becoming aware of the importance of data privacy and dangers posed by data breaches. This greater awareness is due to both the prevalence of high profile data breaches in the media, and the sweeping data protection reforms recently implemented across the EU (GDPR), New York (NY DFS 23 NYCRR 500) and California (AB 375), amongst other regions.

So how can people respond to the news that Gmail is potentially enabling third-party access to inboxes and emails?

Worried about keeping messages private?

With Egress integration for GSuite you can encrypt emails at the message-level, protecting them contents from any unauthorised access, including third-party apps. Encrypt attachments as well, all from a drop-down menu within the usual Gmail message pane.As soon as you hit Send the emails are end-to-end encrypted between you and your recipients, and with our user-friendly access management system providing sophisticated control over recipient access, senders can keep control of their data, even after sending. This includes the ability to revoke access at any time.

Egress Protect is still the only email encryption product to achieve CPA Foundation Grade certification from the UK Government’s National Cyber Security Centre, meaning users in highly regulated industries can use Egress to send Official and Official Sensitive content securely. Issues with third-party apps are simply another example of the importance of message-level encryption. Our enterprise file sharing solution can also assist in making sure documents are shared securely in your organisation. Issues with third-party apps are simply another example of the importance of message-level encryption.

How does Egress work with GSuite?

While it’s true that Egress for GSuite asks for certain permissions in order to help you protect and control your email sending, it’s important to note that no humans ever have access to your emails. Everything passed to the Egress system is encrypted at the message level and only able to be accessed by your intended recipient(s). So we do not have access to your messages, but also neither do third-party app developers behind any email management tools you connected to your account.