Date: 2017-07-17

If a person loses his smartphone with his mobile Gmail app logged in, he leaves himself exposed to identity theft.

Unfortunately, Google has yet to address the very old security flaw of Gmail. It still favors password recovery through phone verification SMS.

Google apparently has gathered enough personal data to let non-paying users of Gmail enjoy the same privacy level as paying Gmail customers.

Gmail has 1.2 billion users. Google promised that it will stop scanning the personal data of free users of Gmail for targeted advertising purposes later this year.

I am long Alphabet (NASDAQ:GOOG) (NASDAQ:GOOGL). Let us discuss one of its unheralded assets, Gmail. Gmail is the most popular web-based email client today. It has 1.2 billion users. Gmail is also one of the most effective hosts for Google’s targeted advertisements.

I’m using the integrated ad-blocking feature of UC Browser and yet Google can still deliver its personalized ads disguised as inbox messages. Sometimes I click on them too. Yes, I'm married but I still clicked that dating.com advertisement.

Google announced last month that it plans to stop scanning the email content of non-paying Gmail users for targeted advertising purposes later this year. It means Google has collected enough information out of freeloading Gmail users.

Alphabet now possesses enough personal information from free Gmail users to build lifetime profiles of them for targeted advertising purposes. Its extensive personal data mining is why Google is the undisputed champion in digital advertising. Gmail definitely helped in building personalized advertising profiles of more than a billion pairs of eyes.

What is Gmail’s Role?

The data mined from Gmail scanning is helping deliver eMarketer’s estimate that Google will likely derive $72.69 billion in global digital ad revenue this year. Yes, Google never had a social network as successful as Facebook’s (NASDAQ:FB). However, the long-running (and still running) Gmail content scanning has definitely provided Google the personal, business, financial, health, and social data of 1.2 billion people.

I understand that the search engine bots that Google programmed to continuously scour the web for new online content are probably also the retooled spider data miners crawling the content of Gmail accounts. Using any free web service or mobile app made by Google comes with the caveat that you are surrendering a part (or should I say total?) of your personal privacy.

One example of this rewarding scanning activity is that Google probably was able to learn of your personal credit card numbers through the monthly credit card electronic billing statements you get through Gmail, or through Google Wallet and Google Play Store enrollment. Google’s offer to advertisers to track/share offline spending of credit card holders who watched their online ads is just one example of how deeply knowledgeable Google is about people’s habits and activities.

As investors, we should be thankful for this no-holds-barred strategy of Google. The free Gmail email service that people enjoy is a tailwind to Google’s core advertising business. Almost 90% of Google’s revenue is from advertising.

The revenue from ads served on Gmail is also all going straight to Google's cash registers. Unlike the ads placed on third-party websites that have AdSense accounts, Gmail is a Google-owned advertising real estate.

Google Should Improve Security of Gmail

We agree that Google is making good advertising money out of its free Gmail service. It is now duty-bound to improve the security of the said email service. I have four separate Gmail accounts. Gmail has a vulnerable password recovery system, so I use distinct accounts to minimize risks of being hacked.

Google’s long-running preference for using phone-based verification by SMS (Short Messaging Service) for password recovery makes Gmail notably less secure. I know it is an optional feature to add an account recovery phone number, but it is a nagging reminder that people often do just to get rid of the badgering message from Google.

Earlier today, I intentionally faked forgetting the password for my Gmail account that I used for AdSense back in 2012. Google’s automated password recovery system did not let me change the password even though I correctly answered the secret question and the query “when was this email account created.” I also gave it the registered password recovery email address and it still wouldn't let me change the password.

Google only let me change the password after I opted to receive an SMS verification code to the registered mobile phone number.

Any devious individual can find out a target’s Google account and his mobile number. A computer literate high school kid can hack another person’s Google account by exploiting the preferred phone SMS verification method for password recovery that Google offers at Gmail. Once the target receives the SMS verification code, the high school kid can social engineer and get that code from the target.

He’ll just fake a +48-prefixed mobile number and SMS the target’s phone. Tell him “Hi, I’m Janeth Simmons of Google Security. We detected unusual activity on your Gmail account. We texted you a verification code to your registered phone just a few seconds ago. Please text back that code to us right now to verify your identity.”

A Gmail account that is tied to PayPal, credit/debit cards, mobile and/or internet banking will cause much trouble to the owner if it is compromised. I am not a lawyer, but I think Google deserves part of the blame for any identity theft done through Gmail’s phone-based SMS password recovery method.

I would prefer that Alphabet permanently eliminate that phone-based password reset option for Google accounts. The good old “secret question” to recover a forgotten email password is safer than phone SMS password recovery. A stolen phone with logged-in Gmail accounts and live mobile/internet banking apps can become a real nightmare for any person.

We have to take into account that in the future, some Europeans might decide to sue Google next time for its weak Gmail security.

Final Thoughts

Some people still think YouTube is not a profitable asset. The internet bandwidth, cloud storage, and server hardware load of streaming YouTube videos are definitely costly overhead items. However, hosting Gmail should not be too expensive. Emails and attachments do not consume that much cloud storage, bandwidth and server load for Google.

Consequently, I summarize that unlike YouTube, Gmail is an accretive or profitable service for Alphabet. I still rate GOOG, GOOGL as a buy. I'm in it for the long run. However, I will be doing some profit-taking. Maybe unload up to 60% of my GOOG holdings so I can buy other stocks.

There are other tickers that aren’t under a dark cloud of another possible EU fine. As per the technical indicators at StockTA, GOOG has overall neutral short-term and long-term trend forecasts. GOOG is probably not going to hit $1,100 anytime soon.

Yes, Stochastic analysis shows GOOG is on a short-term bullish run. But I look at the chart below and I really want to sell before the downhill stochastic roller-coaster ride starts again. Overbought = time to sell and wait for the next down cycle.

