Google has responded to questions from senior Republican senators about how it monitors and controls app developers' access to Gmail content.
The Republican Senate Commerce Committee chairman fired off a letter to Google in July after being alarmed by a report that it is common for employees of third-party app developers to access Gmail content.
The revelation prompted concerns about whether Google is adequately monitoring misuse of Gmail user data to ensure its users aren't exposed in the same way Facebook's lack of developer oversight allowed political consultancy Cambridge Analytica to acquire millions of Facebook users' data through a third-party app developer.
"Though no allegations of misuse of personal email data akin to the Cambridge Analytica case have surfaced, the reported lack of oversight from Google to ensure that Gmail data is properly safeguarded is a cause for concern," they wrote.
The senators asked whether Google was aware of "any instances of an app developer sharing Gmail user data with a third party for any purpose".
Susan Molinari, vice president of Google's America public policy and government affairs, said the company's developer policies allow for this type of sharing.
"Developers may share data with third parties so long as they are transparent with the users about how they are using the data," Molinari wrote.
SEE: How to build a successful developer career (free PDF)
The senators wanted more answers about Google's claim that it reviews and enforces each app's compliance with its policies.
Molinari replied that following an approval under Google's manual developer verification process, it uses machine learning to monitor approved apps.
"If we detect significant changes in the behavior of the app after it has been approved, we will once again manually review the app," she wrote.
If an app is found to have violated Google's terms, it will display an 'unverified app' warning on it.
These days, Google displays an 'unverified app' warning for all apps that haven't been verified --- a change it introduce after someone last year tricked millions of Gmail users into granting access to a bogus Google Docs app.
Molinari reiterated Google's comments in a July blogpost that its employees can read Gmail users' email content but that it restricts access to cases where a user has given consent, or when it needs to inspect content to investigate a bug or abuse.
She also said Google restricts this type of access to a "very limited number of individuals", requires documentation of when access is granted, and routinely audits access.
A Senate Commerce hearing next Wednesday is expected to be attended by privacy officials from Google, Apple, Twitter, AT&T and Charter Communications.
Previous and related coverage
Google says it doesn't get paid for giving third-party apps access to Gmail and checks them thoroughly.
Gmail's not entirely confidential 'confidential mode' expiry-date email feature is now available on mobile apps.
If you trust Google, this is the second-factor security key for you.
Even though users can set an expiration date for emails, the EFF said that Google can still access the message data.
The Smart Reply feature is apparently catching on.