It is reported that Google has confirmed that private emails sent and received by Gmail users can sometimes be read by third-party app developers, not just machines. Google indicated that the practice was not against its policies. As, people who have installed or connected third-party apps to their accounts may have unwittingly given the third-party and even its human staff permission to read their messages, Google has reminded users that whenever adds an app to their account they must explicitly provide developers with permission to their data.
Google’s API services policy states that any third-party must provide “clear and accurate information explaining the types of data being requested”.
The policy also says there should be “no surprises for Google users” and warns that hidden features or services could lead to access being withdrawn.
“You are strictly prohibited from engaging in any activity that may deceive users or Google about your use of Google API Services,” the company wrote.
“Your use of Google user data must be limited to the practices explicitly disclosed in your published privacy policy, but you should consider the use of additional in-product notifications to ensure that users understand how your application will handle user data.”
Google already operates a Security Checkup tool which shows users exactly what permission they are giving third-party developers and the ability to instantly remove any.
https://www.mirror.co.uk/news/uk-news/private-gmail-messages-can-read-12846985
https://developers.google.com/terms/api-services-user-data-policy