Google Shuttering Google+ for Consumers After Undisclosed Data Exposure

MacRumors

macrumors bot
Original poster
Apr 12, 2001
48,767
10,185



The Google+ social network that Google introduced back in 2011 suffered from a major bug that Google opted not to disclose to the public, reports The Wall Street Journal.

A Google+ software glitch provided outside developers with the ability to access private Google+ profile data from 2015 to March 2018. In the spring of this year, internal investigators discovered the issue and fixed it.

The problem was caused by a bug in a Google+ API designed to let app developers access profile and contact information about the people who signed up to use their apps. Google found that Google+ was also allowing developers to access the data of users who had their profiles set to private. Up to 438 apps had access to customer data.
During a two-week period in late March, Google ran tests to determine the impact of the bug, one of the people said. It found 496,951 users who had shared private profile data with a friend could have had that data accessed by an outside developer, the person said. Some of the individuals whose data was exposed to potential misuse included paying users of G Suite, a set of productivity tools including Google Docs and Drive, the person said. G Suite customers include businesses, schools and governments.
In an internal memo, Google's legal staff recommended against disclosing the bug because it would invite "immediate regulatory interest" and result in a comparison to Facebook's Cambridge Analytica scandal.

Data from hundreds of thousands of users was potentially accessible, but Google did not discover misuse of the data by outside developers. Exposed data included names, email addresses, birth dates, gender, profile photos, places lived, occupation, and relationship status.

Phone numbers, email messages, timeline posts, and direct messages were not accessible.

As a result of the data exposure, Google today announced that it is shutting down Google+ for consumers and introducing new privacy measures. According to Google, it put together a privacy task force called Project Strobe at the beginning of the year to review the company's APIs.

Buried in a long document describing all of the privacy changes being implemented, Google confirms that a Google+ bug made private Google+ content accessible to developers.

Google explains that it did not opt to disclose information about the exposed data back in March because there was no evidence of misuse and no action a developer or user could take in response.
The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers' expectations. Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+.
Google is planning to shut down Google+ over a 10-month period, with the social network set to be sunset next August.

In addition to shutting down Google+, Google is introducing several other privacy improvements. More granular controls will be provided for granting Google Account data to third-party apps, and Google is going to limit the number of apps that have access to consumer Gmail data.


For Android users, Google will limit the apps able to access Call Log and SMS permissions on Android devices, and contact interaction data will no longer be available through the Android Contacts API.

Google's full list of privacy changes can be found in its new Project Strobe blog post.

Article Link: Google Shuttering Google+ for Consumers After Undisclosed Data Exposure
 

CarlJ

macrumors 601
Feb 23, 2004
4,389
7,159
San Diego, CA, USA
Google explains that it did not opt to disclose information on the breach back in March because there was no evidence of misuse and no action a developer or user could take in response.
Google mutters, "plus it would make us look bad, for no reason." Yes, telling the truth might make people further question whether handing you large amounts of information is a good idea.
 

btrach144

macrumors 68000
Aug 28, 2015
1,697
3,882
Google is a threat to industry security. They have no problem calling out other companies and their security issues, sometimes before even alerting said company.

But when their own products have security issues, let's sweep it under the rug.
 
Last edited:

ck2875

macrumors 6502a
Mar 25, 2009
985
2,528
Brighton
Choosing to intentionally not disclose a data breach is the lowest of the lows.
"In an internal memo, Google's legal staff recommended against disclosing the bug because it would invite "immediate regulatory interest" and result in a comparison to Facebook's Cambridge Analytica scandal."
Seriously. Hopefully some non-immediate regulatory interest and backlash will come their way over this. Reminds me of Yahoo sitting on their data breaches.
 

WBRacing

macrumors 65816
Nov 19, 2012
1,203
2,634
UK
It was utter garbage and never made any sense. It was horrible to navigate and for the 60seconds I tried it for, it was incredibly difficult to see what of my data would be private and public.

They would have been better off coming up with an eBay alternative rather than this garbled mess. Considering how quick they are to shutter other useable projects it was a surprise how it survived. Probably forgotten by even them.

The lucky thing is that the data breach would have surely been comparatively non-existent compared to the likes of Yahoo! who took it further and actually lied (I am still not entirely clear why Marissa Mayer isn't in jail after the part disclosure of their breach during the sale of Yahoo!) so I don't imagine there is going to be a massive backlash on this one.

Not unless Taylor Swift decides to weigh in that is....
 
Last edited:
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.