Quick Links
Some online services want full access to your email account, so they can scan it for purchases, travel plans, or annoying newsletters. Apps like these generally sell your private data. They're not great for your email account's security, either.
What Services Are We Talking About Here?
We aren't singling out any individual service here. These are industry-wide problems. And, even if one or more of these apps are entirely trustworthy, we don't like the idea of sharing our email with all these additional companies.
Apps like Earny, Paribus, TripIt, and Unroll.me work in this way. When you sign up, you "connect" your email. This gives the service access to your entire email account. They can see every email you've ever sent or received as well as all new incoming and outgoing emails.
They're Probably Selling Your Email Data
It's the reality of the entire modern world: Your data is continually being gathered and sold to target ads and marketing. From your browsing history to the products you buy at the grocery store, it's all being tracked.
But the contents of your email are unusually personal. Not even Google uses the content of your emails to target personalized ads to you---not anymore, at least. A company with access to your email account could take all kinds of personal data and sell it.
The first big firestorm about this happened around Unroll.me in 2017. This service helps people quickly unsubscribe from email newsletters. Unroll.me collected its customers' Lyft receipts from their email accounts and sold that data to Uber---in an anonymized form, at least. "We may share personal information we collect with our parent company, other affiliated companies, and trusted business partners," says Unroll.me's privacy policy. It's unclear exactly what other data they've gathered to sell, and to who.
That's just one example. Return Path is a company that promises insights into people's emails accounts. Return Path's about page says it "partners with more than 70 providers of mailbox and security solutions, covering 2.5 billion inboxes." One of those partners is Earny. Companies can pay for Return Path to provide information about your email reading behavior. The Wall Street Journal reported that Return Path has allowed individual employees to read people's emails to train the filtering software.
This is how those services that require access to your email make their money. They sell access to your email account's contents. It may be anonymized access, but we still don't like it.
If that all sounds like just too much access, we agree. We won't use any services like these. We recommend you avoid them, too.
They Put Your Email at Greater Risk
Let's say there's a service like this that promises never to sell access to your email account's data, and let's say you trust it completely. Even in this situation, we don't recommend using the app.
Your email isn't just a repository for receipts and newsletters. It's a central point from where you manage all your other accounts. If someone has access to your email, they can reset the passwords for everything from your online banking to your Facebook account.
If you haven't given any additional companies access to your email, you just have to trust your email service provider---Gmail, Outlook.com, Yahoo! Mail, or whoever else. The more companies you give access to, the more ways your account could be hacked. What happens if one of these companies are hacked? Breaches like this happen too often online and giving more companies access to your email just increases your risk.
These companies generally get full read-write access to your email, too. Someone could use their credentials to delete all your emails or send new emails from your address.
And, even if you do trust the current company and they're perfectly secure, that company could be sold to a new one that decides to misbehave. This constantly happens with Chrome extensions, after all---a popular extension is sold to a new company, which adds tracking, advertising, and other junk.
How to Check for Apps With Access and Revoke It
After you've given an app access to your email account, the app keeps that access forever---until you revoke it, anyway. This also applies when you give apps access to other accounts, such as your Facebook, Twitter, and Dropbox accounts.
We recommend you check which apps have access to your accounts, review them, and revoke any apps you don't use.
Use these links to view apps with access to your accounts at these popular email providers: Gmail, Outlook.com, and Yahoo! Mail.
These links take you to the account-wide control panels, so you'll also see apps that have access to other parts of your Google, Microsoft, or Yahoo! accounts. Examine the list and look for third-party apps with access to your email.
If you use another email service, sign into the account and look for something about "third-party apps," "app and website connections," "apps you've given access to your account," or "services you've given access." You can also search for the name of the email service and "manage third-party apps" or something like that.
We recommend you find another way to accomplish whatever task these apps make easier. It may take a little bit more legwork, but you can manually track price drops, file price protection claims, collect your trip information, or unsubscribe from emails without giving a company access to all your emails.
But, ultimately, the decision is up to you. If you're fine with all this, go ahead and use these apps. Just know what you're getting into before you invite a company into your email account.
Image Credit: Antonio Guillem/Shutterstock.com.