Google may have given third-party app developers the ability to read the private emails of millions of Gmail users, according to The Wall Street Journal. Despite promising to provide more privacy in pledges last year, the search giant has reportedly allowed both external workers and software access private accounts to read messages.

Last year, Google promised that it would cease scanning the inboxes of Gmail users in order to better target advertising, but according to claims in The Wall Street Journal, the firm has taken no action to protect inboxes from outside software developers, with users who have signed up for email-based services including shopping price comparisons and automated travel-itinery planners most at risk of having their private messages read.

For the most part, this reading takes place automatically, with hundreds of app developers making use of software to scan the inboxes of users. However, in some cases, it may also involve actual employees reading through emails.

Users have, in most cases, agreed to third-party developers gaining access to their emails as part of the terms of service for these programs or apps, and in Googles case, outside developers must go through a vetting process that includes Google checking an appropriate privacy agreement is in place in order to be able to access users Gmail accounts.

However, how closely third-party developers stick to their agreements, how well Google monitors their activity, and whether the terms of service cover individuals, rather than just software, scanning inboxes are all unclear. The rights of other individuals who have not approved their correspondence being read, but who may have exchanged messages with people who have, has also been raised.

In The Wall Street Journals report, Mikael Berner, CEO of Edison Software, a developer that offers a mobile app for organising emails, said that the firms employees had read emails from hundreds of Gmail users while building a new feature for its app, while an executive at another company said that employees reading of emails had become “common practice”.

“When a user connects through third party email applications, the applications has access to all content because, technically, your connection to the email application is via the mail server where all emails are stored,” said Evgeny Chereshnev, CEO and founder of Biolink.Tech. “So, its true that all third-party email applications have access to your Gmail accounts, if you connected them.

“This type of access is going to continue, and people need to be aware that every time they connect to, or install, a third-party application on their mobile device, they are giving rights to thos applications – often without even thinking about it. These applications gain access to users contacts, information about the user of the phone as well as things like GPS location, so this needs to be taken very seriously.

“Now that GDPR is in force, a lot of effort needs to be taken to create awareness around cybersecurity and privacy among the general population, not just security specialists.”

Googles Gmail platform is the worlds largest email service, with 1.4bn users. Following a number of privacy scandals and data breaches that have shaken the tech industry, Google, as well as other firms, have been placed under increased scrutiny for how they treat user data and how it is accessed by third parties.