Trial Today Get in touch
Monday July 9th 2018 | 14:49

Gmail messages can be read by third parties

Recent reports have revealed that in some circumstances private emails sent and received via Gmail can be read by third-parties. This has come as a shock to many users, who assume that any emails they are send are private, and that their inboxes are secure.

When users connect their Gmail accounts to third-party apps and email management tools, they may be asked to grant specific permissions to these apps. Often this includes giving the app permission to “read, send, delete and manage your email.” While many would expect this to mean emails are processed by algorithms not humans, Google have since confirmed that there are situations where third-party app developers may have access to private emails.

The security implications are clear, especially when more and more users are becoming aware of the importance of data privacy and dangers posed by data breaches. This greater awareness is due to both the prevalence of high profile data breaches in the media, and the sweeping data protection reforms recently implemented across the EU (GDPR), New York (NY DFS 23 NYCRR 500) and California (AB 375), amongst other regions.

So how can people respond to the news that Gmail is potentially enabling third-party access to inboxes and emails?

Worried about keeping messages private?

With Egress integration for GSuite you can encrypt emails at the message-level, protecting them contents from any unauthorised access, including third-party apps. Encrypt attachments as well, all from a drop-down menu within the usual Gmail message pane.
As soon as you hit Send the emails are end-to-end encrypted between you and your recipients, and with our user-friendly access management system providing sophisticated control over recipient access, senders can keep control of their data, even after sending. This includes the ability to revoke access at any time.

And Egress Email and File Protection is still the only email encryption product to achieve CPA Foundation Grade certification from the UK Government’s National Cyber Security Centre, meaning users in highly regulated industries can use Egress to send Official and Official Sensitive content securely. At a time when many organisations are moving towards cloud hosted email service, it’s crucial to maintain compliance and uphold the most stringent data security standards when reaping the obvious benefits that the cloud provides. Issues with third-party apps are simply another example of the importance of message-level encryption. Our online workspace solution can also assist in making sure documents are shared securely in your organisation.

How does Egress work with GSuite?

While it’s true that Egress for GSuite asks for certain permissions in order to help you protect and control your email sending, it’s important to note that no humans ever have access to your emails. Everything passed to the Egress system is encrypted at the message level and only able to be accessed by your intended recipient(s). So we do not have access to your messages, but also neither do third-party app developers behind any email management tools you connected to your account.

If you’re interested in being able to send encrypted emails and attachments with your Gmail account, why not get in touch or check out our Egress and GSuite datasheet.

More from our bloggers

Previous Article
Compliance with California Consumer Privacy Act (AB 375) - How Egress can help
Top Story
2020 Vision: Egress leaders look ahead to the New Year
Next Article
How to recall an email in Gmail
footer_cesg_2018_258x100 footer_skyhigh_89x100 NATO Common Criteria footer_bsi_iso_178x100