Third-party app developers could be reading your Gmail

Data mining your Gmail is still allowed, apparently.

Last summer, Google promised to stop scanning your Gmail for keywords that helped them target advertising. However, as The Wall Street Journal points out, Google still allows third-party app developers to scan your inbox. This happens after a user grants them access, but raises questions about whether or not people understand what kind of permission they're giving, and who they're giving it to.

According to the report, companies like Return Path Inc., which collects marketing data from people who sign up for one of the company's free apps, can scan and analyze about 100 million emails each day. The WSJ also says that while computers do most of this work, human employees read about 8,000 emails to help train the software. It's not just one company, either. Employees of Edison Software apparently reviewed the emails of hundreds of its users to make a new feature for its mobile app that reads and organizes your email.

Both companies told the WSJ that the practice is covered under their user agreements and that its employees have strict rules about what they can and can't do with the emails they read. While the WSJ found no evidence that these companies misused the data they collected, it's still a blow to user confidence, especially as companies like Google and Facebook keep saying that they're protecting your data.

Google told us that it vets partners to make sure they're only requesting data that users have given them access to and that they have a privacy policy in place. It may do some internal testing to make sure of this, as well. In other words, Google can't do much for legitimate apps that you've given permission to. Google pointed us to Security Checkup, which lets you revoke access from any third-party apps you've given access to, and more recently started flagging apps that ask for a large amount of data. If you're a Google Apps for Business user, you can set permissions so that your users can't even grant those sorts of permissions, either per app or in general.

Update: Google also responded with a post on its blog, highlighting the same things mentioned in its response above.