Editor's note, 3:02 PM PT: Google has now clarified to Download that it will not be internally auditing third-party Gmail apps, nor will it be directly charging app developers an audit fee. Instead, the company is selecting from a short list of external auditors who will collect the fees themselves.

A company representative tells us, "The security assessment will be completed by a 3rd party to ensure the confidentiality of your application. All fees are paid directly to the assessor and not to Google. As we've pre-selected industry leading assessors, the letter of assessment your app will receive can be used for other certifications or customer engagements where a security assessment is needed."

The original article follows:

Last summer, we encountered a report from the Wall Street Journal indicating that developers of apps that can connect to your Gmail account had a potentially unwelcome level of access to personal user data. In response, Google announced in October that it would start audits ("application reviews") of these apps in early 2019, which is all well and good. But Google's price tag for this mandatory service is reportedly raising some eyebrows.

Today, The Register reports that Google's fee may range from $15,000 to $75,000 or higher, and that this fee could be recurring. The developers of third-party Gmail apps that it spoke to were not happy at the thought of paying such a fee, which some of them said they could not afford.

Speaking to The Register, Clean Email founder Kyryl Bystriakov said, "As a business owner who deals with users' data and privacy every day, I understand where such a requirement is coming from. I also believe that it's not only overkill but it will also destroy the development community they've been building around their APIs."

We contacted Google for a statement regarding these concerns, but we did not immediately receive a response.

In recent years, Google has taken heat for automated scanning of users' emails for the purpose of determining what ads to display within the interface, which is how Gmail makes money. It ended the scanning process in mid-2017 and now uses less invasive methods to figure out what ads will be relevant to you.

However, along the way, third parties have not been so well-behaved. A service called Unroll.me, designed for bulk removal from email newsletters, was sued for allegedly selling user data to the Uber rideshare company. Unroll.me indicated that its terms of service may not have been clear enough about what rights you gave them to sift through your inbox.

By instituting annual audits, Google may be able to standardize data access in a way that makes the fine print phrasing of an independent developer irrelevant -- but it's fair to say that most developers would prefer to be audited by a neutral third party. Not only would such a party be impartial, but the Gmail app developer would also have latitude to negotiate the price tag.

The way it's set up now, you either pay Google's price for Google's audit, every year, or you take your app elsewhere.


  • The Register reports that many developers of third-party Gmail apps are balking at Google's new mandatory annual audit rule, which may cost up to $75,000 per year, or more.
  • According to these developers, only Google is allowed to conduct the audit, so you cannot shop around for a neutral auditor who may charge much less. Some developers are saying that they will not be able to afford Google's fee.

Tom McNamara is a Senior Editor for CNET's Download.com. He mainly covers Windows, mobile and desktop security, games, Google, streaming services, and social media. Tom was also an editor at Maximum PC and IGN, and his work has appeared on CNET, PC Gamer, MSN.com, and Salon.com. He's also unreasonably proud that he's kept the same phone for more than two years.