Some Third-Party Email Apps Let Employees Read User Emails

[nsayer]

"Customers concerned with how their emails are handled by third-party apps should stick with first-party apps such as Gmail or Inbox by Gmail for Gmail users."

That just kicks the can a little further down the road. Google admits freely that they read all your e-mail if you use gmail.

I run my own mail server.

Yes, it's a lot more work, and not everyone can do it properly, but it pretty definitively solves the privacy problem.

 

[mejsric]

Well... only terrorist/criminals afraid on reading email features.

 

[AE14]

I’ve been using Edison Mail for a year or so and like it better than others. I might go back to Gmail’s iOS app, which is fine except for lack of unified inbox. Or the stock iOS mail app, which had unified inbox but often takes 10-30 minutes longer than others to show new email (and yes I have fetch/push settings correct).

On the other hand, I’m not sure this news is as big a deal as I thought when I initially read the article.

If you’re using Edison, are you gonna drop it?

I just did. Went back to the stock Apple mail app.

 

[SoundJudgment]

yikes. I used to use an Edison email app, now use outlook for iphone/ipad.

Outlook client all the way! Desktop, iPhone.. iPad... for life!

 

[AE14]

Outlook client all the way! Desktop, iPhone.. iPad... for life!

never tried outlook. Do you mind if I ask why you prefer it?

 

[FelixDerKater]

De-identified and then re-identified via algorithms. Classy.

 

[Karma*Police]

Not sure why anyone would use Gmail in the first place... unless they're forced to like me... even then, I use Apple Mail as the client cos I find the Gmail interface to be absolute garbage.

 

[dogslobber]

This is why we can't have nice things.

 

[kmm333]

This is why I switched back to Apple's own Mail application..

Same. Loved Sparrow, then Spark, but wasn't a fan of the privacy policy.

 

[OldSchoolMacGuy]

This is real scary and completely irresponsible for Google to allow this.

They tell you they're doing it right in their Terms of Service. You're the silly one that agreed to it without bothering to understand all they do with your data.

If you have even the slightest concern about keeping your email private you should be running your own email server for about $1 a month. Instead, most are too cheap and don't care about their privacy enough to bother.
[doublepost=1530574988][/doublepost]

These companies may be in a heap of HIPAA trouble if anyone can prove that they read anything that might contain PHI.

Gmail makes it INCREDIBLY clear that they aren't a HIPAA compliant service. They tell you they scan your emails and index them for advertising purposes. That's how they make money. That's not HIPAA compliant and they don't act as it they are.

If an organization that must remain HIPAA compliant is using a free service for transferring such records, it's the organization, not Google, who will be accountable for the infraction. Luckily I don't think any healthcare provider in their right mind would think it's acceptable to use Gmail or any other free email service for patient records. I would guess you don't really understand the requirements set forth around HIPAA.

 

[69650]

I hope this problem is confined to Gmail and doesn’t affect third party mail apps using Apple Mail.

 

[canadianreader]

Not surprising for an app named after an inventor thief Thomas Edison.

Isn’t ironic

 

[69650]

Software terms and conditions should be abolished as nobody reads them. They should be replaced by international laws which explicitly state what these companies can and can’t do.

 

[MacBoy88]

They tell you they're doing it right in their Terms of Service. You're the silly one that agreed to it without bothering to understand all they do with your data.

If you have even the slightest concern about keeping your email private you should be running your own email server for about $1 a month. Instead, most are too cheap and don't care about their privacy enough to bother.
[doublepost=1530574988][/doublepost]

Gmail makes it INCREDIBLY clear that they aren't a HIPAA compliant service. They tell you they scan your emails and index them for advertising purposes. That's how they make money. That's not HIPAA compliant and they don't act as it they are.

If an organization that must remain HIPAA compliant is using a free service for transferring such records, it's the organization, not Google, who will be accountable for the infraction. Luckily I don't think any healthcare provider in their right mind would think it's acceptable to use Gmail or any other free email service for patient records. I would guess you don't really understand the requirements set forth around HIPAA.

Just to point out, Edison supports more than just Gmail. There are not a lot of apps that support Exchange Web Services (EWS). The stock iOS apps only support Exchange ActiveSync unfortunately.

Also, Google’s GSuite can be HIPPA compliant with a signed BAA and settings managed. (I know Gmail is the consumer product, but just pointing this out)

 

[dotnet]

Lol. The sheer amount of misinformation from some posters here about Google supposedly selling your data is quite comical.

What else would they be selling? Your data is all they've got.

 

[luvbug]

At least the Apple email client connecting to Apple email servers are SSL connections, by default. Whether it remains SSL to the recipient depends on who services their email domain. A couple years ago Apple said they would work toward SSL connections with as many other email service providers as possible. Perhaps MR could reach out to Apple on this topic to see what they've done in that regard (hint, hint).

 

[fairuz]

In a written statement, Google said that it provides data to outside developers who have been vetted and who have been granted permission by users to access their email.

Heard the same thing from Facebook a few months ago.

 

[robbyx]

I hope this problem is confined to Gmail and doesn’t affect third party mail apps using Apple Mail.

I don’t think most people commenting even understand the issue. I’ve read mostly nonsense comments about Google selling data (which they don’t) and other assorted privacy boogieman claims.

Google allows third party apps to access Gmail. The user must consent. Employees at the companies developing these third party apps read some emails. Google had no part in this. If any of these third party apps support other email services, ie: iCloud, and the user gave the app access to his or her email, those emails could have been read too. I don’t use these apps, so I don’t know if they are Gmail specific, but I’ve seen apps and services that log into your email in order to organize, apply rules, etc. that support many email provides, not just a Gmail.

Once you grant a third party access to your email, it doesn’t matter how secure (or who) your email provider is.

 

[fairuz]

"Customers concerned with how their emails are handled by third-party apps should stick with first-party apps such as Gmail or Inbox by Gmail for Gmail users."

That just kicks the can a little further down the road. Google admits freely that they read all your e-mail if you use gmail.

I run my own mail server.

Yes, it's a lot more work, and not everyone can do it properly, but it pretty definitively solves the privacy problem.

Running your own mail server might be compromising on security, no? I think it's impossible to fake an email from a Gmail address to a Gmail inbox or between two large providers, but it's very easy to do that to some random mail server (no SSL certs?). Could be wrong, which is why I ask. In any case, email is a total mess that I won't believe many people do 100% properly.

Btw, I use iCloud for email. I trust Apple more than Google for this for various reasons. Ofc I still have to trust someone.

 

[cobracnvt]

I don’t think most people commenting even understand the issue. I’ve read mostly nonsense comments about Google selling data (which they don’t) and other assorted privacy boogieman claims.

Google allows third party apps to access Gmail. The user must consent. Employees at the companies developing these third party apps read some emails. Google had no part in this. If any of these third party apps support other email services, ie: iCloud, and the user gave the app access to his or her email, those emails could have been read too. I don’t use these apps, so I don’t know if they are Gmail specific, but I’ve seen apps and services that log into your email in order to organize, apply rules, etc. that support many email provides, not just a Gmail.

Once you grant a third party access to your email, it doesn’t matter how secure (or who) your email provider is.

And you can assume the person your sending your email to hasn't given a third party access to their inbox. Email isn't a secure platform.

 

[Michael Goff]

What else would they be selling? Your data is all they've got.

Ads. They're an ad company. They have profiles on people that they use to sell ads. They don't sell the data, they sell the ability for them (Google) to Target ads better. That's it.
[doublepost=1530578275][/doublepost]

Yeah because Google truly cares about your privacy and would never use or sell your data.

You're right. Google doesn't sell your data.

 

[fairuz]

This is why I switched back to Apple's own Mail application..

I still don't know why I would even use the stock Gmail app for mail. The built-in iOS app works great and works with things besides Gmail.

 

[robbyx]

And you can assume the person your sending your email to hasn't given a third party access to their inbox. Email isn't a secure platform.

For sure. Email is like writing a postcard. Anyone who thinks email is secure or private is seriously misinformed.

 

[MacBoy88]

At least the Apple email client connecting to Apple email servers are SSL connections, by default. Whether it remains SSL to the recipient depends on who services their email domain. A couple years ago Apple said they would work toward SSL connections with as many other email service providers as possible. Perhaps MR could reach out to Apple on this topic to see what they've done in that regard (hint, hint).

Google Transparency Report

 

[Rigby]

Anything you send via email can be intercepted and read by people in the middle. Which app you use doesn't matter. Neither POP nor IMAP are particularly secure. SMTP security is laughable.

Actually IMAP is quite secure as long as you use SSL/TLS (which all major email service support these days). SMTP (the protocol used to deliver emails between your email provider and the receipient's) is potentially a weak spot, but many major email providers support encryption for that too now, so you get at least encryption in transit.

Exchange might be, but if you're using Exchange, somebody is paying for it.

Free Outlook.com accounts support Exchange. But that doesn't change the issue described above if you send mails to a recipient who uses a different provider.
[doublepost=1530582156][/doublepost]

I’ve been using Edison Mail for a year or so and like it better than others. I might go back to Gmail’s iOS app, which is fine except for lack of unified inbox. Or the stock iOS mail app, which had unified inbox but often takes 10-30 minutes longer than others to show new email (and yes I have fetch/push settings correct).

To my knowledge there are only 3 providers that support push email via the iOS Mail app: icloud.com (obviously), outlook.com (when configured as Exchange), and fastmail.com. Gmail does not.
[doublepost=1530582308][/doublepost]

Outlook client all the way! Desktop, iPhone.. iPad... for life!

Just make sure you don't use the Outlook app for iOS or Android with 3rd party mail providers or corporate Exchange accounts (without asking your IT guys), since it too redirects all mails through Microsoft's servers.