Google has responded to a troubling investigation into the data privacy practices of its Gmail email client with a series of tips for users to keep their accounts secure.
Director of Security, Trust and Privacy at Google Cloud, Suzanne Frey shared a blog post in which she admitted it was common for third-party developers to read the contents of users' Gmail messages if they had been granted the permissions to do so – one of the primary allegations of the investigation.
Frey also revealed three simple tips for users who wanted to restrict the access third-party developers had in their private inbox.
Here is how to control how much non-Google apps can see —
1. Use the Security Checkup tool
To access this users must go to their account and click on the squares in the top right hand corner
To access this, users need to navigate to their account and click on the squares in the top right hand corner.
Then click on 'Account' in the dropdown menu.
Click on 'Security Checkup'. This enables users to see how many devices are signed into the account and whether there have been any security issues detected in the past 28 days.
It also shows a user's sign-in and recovery method as well as how many third-party apps have access to data.
If there are apps no longer being used, Google suggested they should be removed to avoid potential privacy concerns.
2. Review permissions
Gmail users should review their permissions before granting access to non-Google applications.
If an app wants to access a user's Google account it will list what aspects of the service it wants to access – for example to read, send, delete and manage emails.
Users can then decide whether to allow the application access to their Gmail account.
3. View and control permissions
To access this option, users need to navigate to their account and click on the squares in the top right hand corner.
Click 'Account' in the dropdown menu, then 'Apps with account access'.
This allows users to keep track of which apps or services have permission to access a user's accounts. Users can remove any they no longer trust.
It also lets users look at saved passwords and which ones Google Smart Lock has permission to remember.
If there are any that look untrustworthy or outdated they can be removed.