AusPost's Bill Scanner caught up in Gmail privacy sweep

Australia Post is working to reassure Google that its Bill Scanner email add-on tool complies with a revised set of privacy rules that came into effect in mid-January.

Bill Scanner is a tool developed by Australia Post that, when linked to a webmail account, extracts data from bills sent to that account, itemises payment dates in a list, and sends smartphone reminders to the user when payments are due.

The tool has been in long-term beta since it was first launched in mid-2017.

Late last week, Google said that Bill Scanner was one of several Gmail add-ons that would have integration credentials revoked at the end of the month for not meeting revised data privacy rules.

Twitter user Travis Holland tweeted the text of a letter from Google advising of Bill Scanner’s apparent lack of compliance.

“Although you don’t need to take any action, we wanted to let you know that the following third-party apps will no longer be able to access some data in your Google account, including your Gmail content,” the letter stated.

The letter lists two apps - Bill Scanner and If This, Then That (IFTTT), which is a popular tool used to tie different web services and smart home devices together.

IFTTT can be used, for example, to keep profile photos in sync across multiple social media accounts, or to upload tagged photos from Facebook into Google Drive.

Google said it planned to revoke permissions for Bill Scanner and IFTTT to link in with Gmail “as part of ongoing efforts to make sure [user] data is protected and private”.

“These apps haven’t yet complied with our updated data privacy requirements announced on 8 October 2018,” Google said.

Back in October, Google said it had strengthened controls and policies around what types of apps could interact with Gmail APIs, for what purposes Gmail data could be used and how the data had to be secured.

The changes meant developers could only access data they needed specifically for their app to function, and anything peripheral had to be cut out.

IFTTT said this week that some functionality it previously had with Gmail would be lost, since workarounds would require “massive refactoring” of its source code and would result in degraded performance.

After learning Bill Scanner could also be caught in Google’s Gmail integrations purge, Australia Post said in a tweet it was “reviewing” the tool and that it took “the privacy of our customers, our employees and the community very seriously.”

An Australia Post spokesperson has since told iTnews that the company has worked directly with Google to address the web giant’s concerns about privacy compliance.

“We have responded directly to points raised by Google surrounding compliance with their requirements,” the spokesperson said.

“We can confirm that the customer data used to deliver our Bill Scanner service is only used for the purpose of providing this service to our customers.          

“We take the privacy of our customers very seriously and continue to take all necessary steps to protect the data of our customers.”

While Australia Post has reached out directly to Google to confirm its compliance, it remains unclear if Bill Scanner does meet requirements and can avoid any change in functionality before March 31.