They can easily build and view their own versions of the gmail stack, but they would not be able to generate auth tokens to decode the private data of accounts they did not have passwords for.
For comparison, at Google in 2011, I was one of ~10 or so engineers that had the ability to view private Gmail or Gplus data (access that was heavily documented and audited). That being said, Google did have to go…
They can easily build and view their own versions of the gmail stack, but they would not be able to generate auth tokens to decode the private data of accounts they did not have passwords for.
For comparison, at Google in 2011, I was one of ~10 or so engineers that had the ability to view private Gmail or Gplus data (access that was heavily documented and audited). That being said, Google did have to go…