In short: Google has now responded to recent questions raised by senators in response to reports about its policies allowing third-party developers to access user data from Gmail via a letter that has since been made public via the document and book-sharing service Scribd. While the company declined to provide any details regarding how many third-party developers have been caught in violation of its policies, it did explain what those policies are and how access works. For starters, Google points out that its policies allowing users to branch out beyond generic services with add-ons, extensions, and secondary email clients is an industry standard. Each of those services effectively requires third-party developers to access user data in some form or fashion but, the company explains, those developers are vetted and there are several policies in place to both protect and keep users informed.
Background: The questions from the Senate follow the recent waves of security-related news stemming from user data handling by major tech giants, including Facebook, Google, and Amazon among others. Gmail isn't at all the only area where Google has faced scrutiny either. In fact, the company is currently scheduled to answer further questions on September 26 via a full Senate hearing. At least some of that will likely center around the company's Prior to these issues, a substantial number of reports came forward regarding the company's somewhat obscure explanation of location data tracking services. Although those have since been fixed, the company did not initially do a very good job of explaining to users that it would continue tracking data with those services turned off since that setting only applied to location history features. Even before that, the company has faced pressure from governing bodies in other countries for its policies regarding default applications in Android OS.
Impact: While the details provided by the search giant in this most recent matter are fairly comprehensive, they don't necessarily answer every question put forward either. All of its policies, the company claims, are backed by "verification, monitoring, and enforcement." As part of that effort, services are generally verified before they become available to users without an initial 'unverified' warning. Subsequent reviews are performed when anomalous activity is spotted. However, it did not respond with details about which developers have already had access removed and said that it also doesn't release details publicly. Instead, it informs users who have installed or are using the service or add-on in question that they need to remove access themselves. That, at least, is one policy that Google could be required to change as pressure mounts on technology companies to provide better transparency and protections.