Last Updated on January 31, 2020 by Mathew Diekhake
We make it possible for applications from other developers to integrate with Gmail—like email clients, trip planners and customer relationship management (CRM) systems—so that you have options around how you access and use your email. We continuously work to vet developers and their apps that integrate with Gmail before we open them for general access, and we give both enterprise admins and individual consumers transparency and control over how their data is used.
You can visit the Security Checkup to review what permissions you have granted to non-Google apps, and revoke them if you would like. For G Suite users, admins can control which non-Google apps can access their users’ data through whitelisting.
Keeping your data secure is our top priority, so we want to provide you with details about our vetting process and user controls for both enterprise and consumer accounts:
Giving consumers choice and protecting them from malicious or deceptive apps
A vibrant ecosystem of non-Google apps gives you choice and helps you get the most out of your email. However, before a published, non-Google app can access your Gmail messages, it goes through a multi-step review process that includes automated and manual review of the developer, assessment of the app’s privacy policy and homepage to ensure it is a legitimate app, and in-app testing to ensure the app works as it says it does.
In order to pass our review process, non-Google apps must meet two key requirements:
- Accurately represent themselves: Apps should not misrepresent their identity and must be clear about how they are using your data. Apps cannot pose as one thing and do another, and must have clear and prominent privacy disclosures.
- Only request relevant data: Apps should ask only for the data they need for their specific function—nothing more—and be clear about how they are using it.
We review non-Google applications to make sure they continue to meet our policies, and suspend them when we are aware they do not.
You control your data
Transparency and control have always been core data privacy principles, and we’re constantly working to ensure these principles are reflected in our products.
Before a non-Google app is able to access your data, we show a permissions screen that clearly shows the types of data the app can access and how it can use that data.
We strongly encourage you to review the permissions screen before granting access to any non-Google application.
In addition, we’ve long had data controls that you can use at any time to manage your information. For example, the Security Checkup shows all non-Google apps that have access to your data and flags potentially risky apps so you can revoke any previously-granted permissions that you are no longer comfortable with. You can also view and control permissions within myaccount.google.com under “Apps with account access.”
Providing tools for G Suite admins
G Suite admins can control which scopes of data users are able to grant to non-Google apps by whitelisting connected OAuth apps. This ensures that G Suite users can give access only to non-Google OAuth apps that have been vetted and are trusted by their organization.
Providing industry-leading security and intelligence in Gmail
Gmail has world-class safety features, such as protections that allow us to prevent more than 99.9% of spam and phishing emails from reaching your inbox. In order to deliver these features, we conduct automatic processing of emails. This is standard practice across the industry, and also allows us to give you intelligent features like Smart Reply that help you be more productive.
We do not process email content to serve ads, and we are not compensated by developers for API access. Gmail’s primary business model is to sell our paid email service to organizations as a part of G Suite. We do show ads in consumer Gmail, but those ads are not based on the content of your emails. You can adjust your ads settings at any time.
The practice of automatic processing has caused some to speculate mistakenly that Google “reads” your emails. To be absolutely clear: no one at Google reads your Gmail, except in very specific cases where you ask us to and give consent, or where we need to for security purposes, such as investigating a bug or abuse.
The work of privacy and security is never done, and we’re always looking for ways to better protect our users. For example, we’ve recently introduced more transparency into your Google Account, greater control over your ads settings, and added new OAuth protections to guard against malicious apps. We continuously make announcements about how we’re improving our protections—keep up to date with the latest on the Safety & Security section of our blog, and visit privacy.google.com for more information about our privacy and security commitments.