Comment by scripturial

Yes. There is no ability to know one way or the other if Google, and similar services retain a secondary way to access decryption key. In light of this the only option is to _assume_ they have the capability.

Given the carefully crafted way companies describe their encryption services, it seems more likely than not they have master keys of some sort.