We make it possible for programs developed by other developers to link with Gmail. These applications include email clients, trip planners, and customer relationship management (CRM) systems. This integration allows you to have alternatives for how you access and make use of your email. Before making them available to the general public, we make it a point to thoroughly test the apps of developers who create integrations with Gmail. Additionally, we provide enterprise managers and individual users with the same level of transparency and control over the way their data is used.
You are able to evaluate the permissions you have granted to applications that are not developed by Google and cancel them if you so choose by going to the Security Checkup. Through the use of whitelisting, G Suite managers have the ability to restrict which third-party applications their users’ data can be accessed by.
Because we place the utmost importance on the safety of your data, we would like to share with you some information regarding the vetting process that we utilize and the user controls that are available for both enterprise and consumer accounts:
Providing consumers with options while safeguarding them against apps that are fraudulent or harmful
The following are the two most important criteria that must be met by applications that are not developed by Google:
Apps shouldn’t lie about who they are, and they should be transparent about how they’re utilizing the data you give them. They are responsible for accurately representing themselves. Applications are not allowed to deceive users by pretending to be something else, and they must provide privacy disclosures that are both prominent and unambiguous.
Request only data that is relevant: Apps should request only the data that they require for their particular function, and nothing more, and they should be transparent about how they are using the data they receive.
We monitor applications that are not developed by Google to ensure that they continue to comply with our policies and suspend them if we become aware that they do not.
You control your data
Both transparency and control over one’s data have been and will continue to be fundamental data privacy concepts, and we are continually trying to ensure that these ideas are reflected in our products.
We will display a permissions screen before allowing a third-party app to access your data. This screen will make it abundantly clear which sorts of data the app will have access to as well as how it will make use of that data.
We cannot stress enough how important it is for you to check the permissions screen before allowing access to any program that is not developed by Google.
The Security Checkup feature lists any third-party applications that can access your information.
In addition, we have provided data controls for a long time now that you can use whenever you need to in order to manage your information. For instance, the Security Checkup notifies you of all non-Google applications that have access to your data and highlights potentially dangerous applications, allowing you to revoke any previously granted permissions that you are no longer comfortable with. In addition, the Security Checkup shows you which applications have access to your data. You may also examine and manage permissions within your Google account by going to “Apps with account access” within myaccount.google.com.
Providing tools for G Suite admins
By whitelisting connected OAuth apps, G Suite admins have the ability to regulate the data scopes to which end users are permitted to provide access to third-party applications other than those developed by Google. This ensures that users of G Suite can only grant access to non-Google OAuth apps that have been screened by their business and are considered reliable by them.
Offering the most advanced intelligence and protection in the market within Gmail
More than 99.9 percent of spam and phishing emails are stopped before they reach users’ inboxes by Gmail’s industry-leading security features, such as protections that allow us to prevent unwanted emails from reaching users. In order to provide you with these capabilities, we will automatically process any emails you send to us. This is an industry-wide best practice, and it also enables us to provide you with sophisticated features like Smart Reply that make you more productive.
We do not process the content of emails in order to deliver advertisements, nor do developers pay us in order to have access to our API. The major way that Gmail generates revenue is through the sale of our commercial email service to enterprises as a component of G Suite. We do display advertisements in consumer Gmail; however, those advertisements are not based on the content of the emails you send or receive. At any time, you may go in and change the settings for your advertisements.
Due to the fact that Google processes a lot of information automatically, some people get the false impression that the company “reads” their emails. To be perfectly clear: no one at Google reads your Gmail unless you specifically ask us to and give us approval to do so, or unless we need to read it for safety reasons, such as when we’re looking into a bug or abuse report.
The job of protecting users’ personal information and digital security is never finished, and we never stop looking for new and improved ways to do it. For instance, we have just recently introduced more transparency into your Google Account, greater control over your ad settings, and included additional OAuth protections to fight against rogue apps. Keep up to speed with the latest in the Safety & Security part of our blog, and visit privacy.google.com for more information about our privacy and security commitments. We continually make announcements about how we’re improving our protections.