Making A Difference

Google To Shut Down Google+ As Social Network Bug Exposed Private Data

The glitch gave outside developers possible access to private profile data of Google+ users, though Google says that it found no evidence that any developers were even aware of the bug or that any profile data were misused.

Getting your Trinity Audio player ready...
Google To Shut Down Google+ As Social Network Bug Exposed Private Data
info_icon

Google will shut down the consumer version of its social network Google+ after announcing data from up to 500,000 users may have been exposed to external developers by a bug that was present for more than two years in its systems.

The announcement in this regard was made by Ben Smith, Google Fellow and vice-president of engineering, in a blog post Monday, in which he noted that the Indian-American headed company could not confirm which users were impacted by the bug.

"However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API," he said.

"We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any profile data was misused," Smith said.

The technical bug was detected as part of an effort called Project Strobe started by Google early this year. It is a root-and-branch review of third-party developer access to Google accounts and Android device data and of our philosophy around apps' data access, he wrote.

"This project looked at the operation of our privacy controls, platforms where users were not engaging with our APIs because of concerns around data privacy, areas where developers may have been granted overly broad access, and other areas in which our policies should be tightened," Smith said.

The Wall Street Journal, which was the first to report about it said that a software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue.

"A memo reviewed by the Journal prepared by Google's legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger "immediate regulatory interest" and invite comparisons to Facebook's leak of user information to data firm Cambridge Analytica," the daily reported.

Sunder Pichai, the Indian-American CEO of Google, was briefed on the plan to not notify users after an internal committee had reached that decision, The Wall Street said quoting unnamed sources.

Smith, however, announced that Google Plus will not be shut down immediately. "To give people a full opportunity to transition, we will implement this wind-down over a 10-month period, slated for completion by the end of next August. Over the coming months, we will provide consumers with additional information, including ways they can download and migrate their data," he wrote.

Google also announced launch of more granular Google account permissions that will show in individual dialog boxes. "When an app prompts you for access to your Google account data, we always require that you see what data it has asked for, and you must grant it explicit permission," he said.

"Going forward, consumers will get more fine-grained control over what account data they choose to share with each app. Instead of seeing all requested permissions in a single screen, apps will have to show you each requested permission, one at a time, within its own dialog box," Smith said.

PTI