Earlier in 2018, Google discovered a data privacy issue that allowed app developers to access user’s private profile information. The bug allowed access to users static data fields including name, gender, occupation, email, and age. Following this discovery, Google patched the vulnerability in March 2018 but the information was not disclosed until today. In a blog post, Google admitted that “there are significant challenges in creating and maintaining a successful Google+ product that meets consumers’ expectations”. In an internal memo leaked to the Wall Street Journal, it was found that Google was afraid of the media scrutiny and regulatory attention that would have a detrimental impact on its public image.
As Google only keeps the Google+ API log data for only two weeks, it was not possible to determine which users were impacted by this bug. Google reports that 438 application may have employed the API, which may have affected around 500,000 Google+ profiles. However, there is no evidence that app developers were aware of this vulnerability and as such no abuse took place. In order to rectify this issue, Google has initiated Project Strobe, which will review the type of accounts and Android device data that a third-party developer can access. The project will focus on privacy controls, any areas where app developers had broad access to user data, user engagement, and other areas that require tighter policies.
Project Strobe and FOUR Actions to improve Data Privacy:
1) Google is finally putting Google+ out of its misery by shutting down the consumer version:
Google+ will shut down over a 10 month period so that users can transition out by the end of August 2019. In the upcoming months, Google will provide more information about the options for migrating and downloading user data. Google will continue the service for enterprise users as an internal social network for companies, which is more popular than the consumer version.
2) Google Account permissions with more granular details (individual dialog boxes):
Moving forward, the Google will provide users with granular control over data that is shared with an app. This includes requesting each permission one at a time instead of consolidating it in one page.
3) In Gmail, Google will limit the types of use cases that are permitted:
Google is planning to update Gmail’s user data privacy policy to limit the apps that can reqeust permission to users’s Gmail data. With this action, only apps that enhance the email functionality (email clients, backup and productivity services) will be permitted in Gmail.
4) For Android devices, Google is limiting the ability of apps to gather Call Log and SMS permissions:
Google is making changes to Android’s Google Play, which will limit which apps are allowed to ask for permissions to SMS and Call log information. Google will no longer allow the Android Contacts API to share any contact interactions data.
The news of Google+ shutting down definitely comes a shock to many as it was the only alternative social network to Facebook. However, Google+ has not performed to the company’s expectation as user engagement has declined drastically over the years.
This review crystallized what we’ve known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds. – Ben Smith, Google Fellow and Vice President of Engineering
Follow us on Social Media for tech info that matters:
- Google Plus – while it is still here 🙂
Source: Google
I am officially a tech addict and enjoy providing my views on matters related to this industry. I am always interested in trying out new tech gadgets and I have owned multiple smartphones including the legendary HTC One, SGS2, Nexus 4, iPhone 4, 5S, 6S, XR, Note 9. You can ask me any tech related questions in the comment section or on twitter @hookedNav