Gmail third party app developers can read private emails in the course of developing and administering the apps, a new investigation has found.
According to The Wall Street Journal, employees of companies such as Return Path Inc., a marketing data collection company, as well as those companies’ computers can read the emails of more than 2 million people who sign up for one of the apps the company offers.
It isn’t just Gmail addresses that are affected, either. Microsoft and Yahoo email addresses also are vulnerable, the WSJ reported. Computers scan up to 100 million emails a day, and two years ago, Return Path employees read 8,000 private emails as part of a training exercise.
Employees may read emails for research as they develop new app features, Edison Software CEO Mikael Berner admitted to The Wall Street Journal. In all cases, the emails were read without getting explicit permission from the users, since permission is given in the user agreement all users agree to (but few actually read).
Google itself does not read individual emails but has not prevented third parties from doing so, Trusted Reviews reported.
It is possible to prevent your emails from being accessed by changing your Google account settings: Go to “Third-party apps with account access,” and if any of them say “Has access to Gmail,” click “remove access.” Limiting access in this way could impact how certain apps can be used, but will prevent emails from being read by any third parties.
Facebook recently ran into trouble for a similar situation where a third party, Cambridge Analytica, gave data from tens of millions of users to President Donald Trump’s 2016 campaign.
© 2026 Newsmax. All rights reserved.