Experts say this 'dirty secret' is a common practice among email app developers

The report was based on the testimonies of more than two dozen employees

One company let employees read 8,000 emails while training company software

Firms included in the report say the practice is covered within user agreements

Your private emails are being read by third-party Gmail app developers, an investigation into data privacy has revealed.

Developers behind a number of popular online services designed to work with Gmail trawl through private messages sent and received from your email address, it claims.

ADVERTISEMENT

It is common practice for some of these third-party app creators to instruct employees to read personal emails.

One app, which is designed to help users manage their Gmail inbox, lets employees read 'thousands' of emails, the Wall Street Journal investigation found.

According to experts, this 'dirty secret' is now common practice among some firms.

The revelation comes just a few months after it was revealed political data firm Cambridge Analytica had siphoned private data from third-party apps on Facebook.

Scroll down for video

Google has responded to a worrying investigation into Gmail's data privacy with three tips for users wanting to keep their accounts safe (stock image)

According to the investigation into Gmail, the hugely-successful Google email client allows third-party developers to scan the inbox of anyone who installs their app.

These apps can provide additional functionality to the Gmail inbox, like the ability to compare prices from different online retailers, or quickly unsubscribe from any marketing emails sent to your address.

The Wall Street Journal report was based on the testimonies of more than two dozen employees of companies who create services around Gmail – the most popular email service in the world, with 1.2 active monthly users.

One company involved in this practice is New York-based firm Return Path, which helps marketers drive revenue through email.

It has scanned the inbox of two million people, the report revealed.

Click here to resize this module

Last year, Return Path employees trawled through 8,000 personal emails as part of an effort to train the company's software, according to anonymous sources.

Employees at Mountain View-based Edison Software also reviewed the emails of hundreds of thousands of users while building a new feature for their mobile app, which is designed to help people organise their emails.

Neither company asked users for permission to read users' messages but say the practice is covered by user agreements.

'Some people might consider that to be a dirty secret,' Thede Loder, the former technology officer at eDataSource, which provides competitive intelligence for email marketing, told the Wall Street Journal.

However, he said this type of behaviour was now 'common practice'.

The question of data privacy has been an increasingly important issue since Facebook's Cambridge Analytica controversy.

The social network allowed third-party apps to request permission to access users' data, as well as data of all their Facebook friends.

This enabled developers to mine the private information of 87 million Facebook users, when only 270,000 people had used the service and granted permission.

Almost anyone can build an app that connects to Gmail accounts using an application programming interface (API).

Last year Return Path employees read 8,000 emails while helping train the company's software, according to anonymous inside sources (stock image)

HOW DO APPS PROVIDE ACCESS TO PRIVATE EMAILS ON GMAIL? Hundreds of third-party developers have created online services that bring additional functionality to Gmail, the hugely-successful Google email client. Almost anyone can build an app that connects to Gmail using the Application Programming Interface (API) supplied by Google. These apps can provide additional functionality to the Gmail inbox, like the ability to compare prices from different online retailers, or quickly unsubscribe from any marketing emails sent to your address. When Gmail users sign-up for one of these third-party services, or open an app that accesses their Gmail, Google requires them to grant permission. If users grant permission, the app can access their inbox and can read the contents of sent and received messages. Google does not disclose how many apps currently have access to Gmail. Trawling through the contents of users' emails is useful for companies who want data on users' shopping habits, travel itineraries and personal communications. The practice is not illegal and is covered by user agreements, the developers claim. However, an investigation by the Wall Street Journal discovered that developer employees say their customers are often not aware of what data is being collected and what companies are doing with it. 'Some people might consider that to be a dirty secret,' said Thede Loder, the former technology officer at eDataSource.

If Gmail users open these apps a button asks for permission to access their inbox.

ADVERTISEMENT

If users grant permission, the app can access their inbox and can read the contents of sent and received messages.

Google does not disclose how many apps currently have access to Gmail.

Both Return Path and Edison have defended their actions.

'The article mentions a specific incident at Return Path where approximately 8,000 emails were manually reviewed for classification', wrote Matt Blumberg, founder of Reutrn Path in a blog post.

'As anyone who knows anything about software knows, humans program software – artificial intelligence comes directly from human intelligence.

'Any time our engineers or data scientists personally review emails in our panel (which again, is completely consistent with our policies), we take great care to limit who has access to the data', he said.

Mr Blumbery said all data is destroyed after work on a new feature is completed.

Similarly, Mikael Berner, CEO of Edison, defended his company's actions, but added that the practice has since been stopped.

He said the company had 'expunged all such data in order to stay consistent with our company's commitment to achieving the highest standards possible for ensuring privacy,' according to Cnet.

'Our email app was mentioned in the context of our engineers having in the past the ability to read a small random sample of de-identified messages for R&D purposes.

'This method was used to guide us in developing our Smart Reply functionality which was developed some time ago,' he said.

ADVERTISEMENT

MailOnline has contacted Google for comment.