An app called Earny can save you money on online purchases that might have dropped in price after you've bought an item.
Still, the app's central function is creepy. As one of my CNBC colleagues found out, it will automatically send emails from your Gmail account on your behalf.
Here's the quick background story: After reading about it months ag, a colleague signed up for Earny.
As we often do, the colleague quickly moved through the application giving it approval for whatever it asked to access. As it turned out, out one of the questions was permission to access Gmail (it's not hiding, so we're not dinging Earny at all for this—that's how the app works.), and the colleague agreed.
Months later, and more recently, my colleague bought a pair of shoes on Zappos. Within days, there was an email explaining that a $10 credit had been applied because the item had dropped in price.
Amused and a bit flabbergasted, the colleague found that Earny had sent an email on her behalf from her account and posing as her. It asked for price protection on an item purchased just days prior, complete with the order number and difference in price.
There was even a smiley face next to the signature. Here's what the email said:
I have a question...
I think I can get price protection on Louise et Cie Bette, is this possible?
If this is the case, then I would like to get price protection on the item I bought on June 21, 2017. Here is the order number: #xxxxxx and the new price [with a link to Zappos' new price.] The price has dropped $10.00 since I originally got Louise et Cie Bette.
I would love a refund on my original payment.
Thanks for answering my questions, let me know if you need anything from me.
[Name withheld] :)
Of course, my colleague had never sent this email. Earny apparently did, and it's capable of doing this for more than 50 major retailers around the U.S.—right from your account.
In the end, she ended up saving a few bucks at the cost of her privacy. Was it worth it?
Not in my book, nor hers: She ended up deleting Earny.
Lesson learned. Always be aware of the permissions you're giving an app. You might be giving one full access to read, send, delete and manage your email, as my colleague did.
A spokesperson reached for comment by CNBC explained:
Earny only receives a copy of the emailed receipt from retailers as well as communication regarding your price adjustment request.
Earny does not delete or manage your inbox. These permissions are setup by the major Email providers (Gmail, Microsoft, etc.) directly and Earny does not have an option to amend these permissions.
All information is encrypted before being stored in Earny's secure database. We are using AES-256 and RSA-2048 as encryption algorithms. Earny's database and storage are also encrypted and they are using a threat detection system, dynamic data masking and activity monitoring. Access is also restricted by a firewall that blocks any unknown IPs, and is secured by Two-Factor Authentication and divided into employee role-based permissions. In addition, all Earny team members receive IT Security prevention training and sign their "Cyber Security Policy".