According to a Wall Street Journal report, Google allows third-party apps to scan the emails of some Gmail users and does little to police the developers that gain access to inboxes by offering email-based services such as price comparisons or other tools. Google said it vets all the apps that request access to Gmail accounts and only grants access with the explicit consent of users.
CBS News contributor and Wired editor-in-chief, Nicholas Thompson, joined "CBS This Morning" to discuss why this is raising concerns about the security of Gmail and what he believes the tech giant should do to address these concerns.
Facebook has been under investigation since March over the now-shuttered political data firm,, which harvested and exploited millions of Facebook users' data. The fallout from that privacy scandal has been enormous – but how does Google's breach compare? According to Thompson, it's "less bad" but "similar."
"First, with Facebook and Cambridge Analytica, it was not only getting access to your info, but the info of your friends and then secondly we knew that the data had been misappropriated. With Google we just know that these apps have access to your inbox. We don't know whether they've done things like sell it to political campaigns trying to change our elections," Thompson said.
Some examples of apps that request access to your inbox include Earny, Unroll.Me and Boomerang. What those apps are able to see depends on the purpose of the app.
"If you get an extension that lets you organize your emails, they're gonna see your emails. If you get an extension that lets you unroll from newsletters, they're gonna have to see the headers and information on your emails. What's interesting is that people opt into this and they don't quite understand and the reason they don't quite understand is because the privacy settings were kind of made in the 2000 to 2017 world. Google should have changed those," Thompson said.
Because many of these apps increase the functionality of your Gmail, Thompson doesn't think Google should do away with them. Instead, they need to make it explicitly clear what users are agreeing to and set strict parameters for how developers use the data they see.
"It should say 'Hey, this thing is going to read your e-mail. You sure you want that? You just clicked you wanted that. You're really sure? You're totally sure?" Thompson said. "What you don't want is you don't want an app that you use to organize your inbox more efficiently which then sells your data to marketers or then sells it to hedge funds for investment decisions. So, Google probably needs to clear up both of those things."