"The companies said they had not asked users for specific permission to read their Gmail messages, because the practice was covered by their user agreements."
Regardless of what those third party companies told their users, users would have had to accept a pretty clear dialog [1] delegating access to their Gmail accounts. That's just how google oauth works.
