Thursday, 13 December, 2018

Google Shutters Google+ Following Privacy Vulnerability

Google shutting down social network Google+ after security bug disclosed Google Shutters Google+ Following Privacy Vulnerability
Sherri Watson | 08 October, 2018, 21:43

"The consumer version of Google+ now has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds", the company said in a statement.

A software bug in Google+ meant that the personal information of "hundreds of thousands" of users was exposed. "We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused".

The decision to not alert users was made after company officials wrote a memo concluding Google wasn't legally obligated to disclose the bug, and that there would be no point in telling users since the company had no way to confirm who was affected, according to The WSJ.

Google is shutting down the consumer version of its Google+ social network following the discovery of a vulnerability that allowed app developers access to private profile information.

According to Google, data that may have potentially been disclosed only includes "static, optional Google+ Profile fields including name, email address, occupation, gender and age".

Following this report being published, Google announced that it found the security hole in part thanks to something the company is calling Project Strobe. However, up to 500,000 Google+ profiles were affected by the vulnerability, and 438 applications may have used the API.

"I think Google does have a public relationship issue and this now makes their lack of openness even worse", Ivan Feinseth, an analyst at Tigress Financial Partners said.

Google said it couldn't determine which users were impacted by this bug because the API was created to keep logs for only two weeks, and it didn't have access to historical data longer than that.

Apps will be required to inform users what data they will have access to.

Finding 3: When users grant apps access to their Gmail, they do so with certain use cases in mind.

Action 4: We are limiting apps' ability to receive Call Log and SMS permissions on Android devices, and are no longer making contact interaction data available via the Android Contacts API.

In response to the breach, Google is shutting down all consumer functionality of Google+.

"None of these thresholds were met in this instance", it said.

Google admitted in the blog post disclosing the bug that usage of Google+ has dropped off in recent years.

'This review crystallized what we've known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps, ' Smith said.

Specifically, the issue disclosed Monday came through one of the Google+ "People" APIs, a developer tool available to third-party app developers.

The announcement comes as public scrutiny has intensified around Silicon Valley tech giants' management of user data, among other issues.

Smith said Google+ would wind down over the next ten months, during which time users will be able to download or migrate their data, and the site would be permanently retired in August 2019.