According to Google, it's “apps” – but this isn't Android apps; it's something that lets them directly fetch your emails from Google. I think it might be associated with OAuth, but despite their incredibly clear privacy policy I'm still not sure who exactly it is.
Don't worry; I'm fairly sure it doesn't happen unless you click through a pop-up.
Are you just saying "Gmail has an API, and it is possible to authorize apps to access your Gmail via the API", which will be listed (along with every other app with access to your Google Account in any way) in your account permissions page @ https://myaccount.google.com/permissions
This sounds nefarious, but for all we know you're talking about the people in the To line.