Google team discovered the bug in March 2018
Analysis showed that up to 438 applications may have used this API
Found no evidence around the misuse of profiles data so far
The US-based search giant has decided to shut down Google+, an Internet-based social network that is owned and operated by Google, for the consumers. The company cited reasons such as low user engagement and a software error, first reported by The Wall Street Journal, that potentially exposed the data of around 500K users.
Google+ would be fully shut down by August 2019, to allow users to download and migrate their information. Going ahead, Google will be focusing on pitching Google+ for enterprises.
As the company mentioned in its blog post, “Google+ is better suited as an enterprise product where co-workers can engage in internal discussions on a secure corporate social network. Enterprise customers can set common access rules, and use central controls, for their entire organisation.”
What Led To Data Leak?
Users can grant access to their Profile data, and the public Profile information of their friends, to Google+ apps, via the API. As the company explained, the bug meant that apps also had access to Profile fields that were shared with the user, but not marked as public.
Also, this data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age.
“We discovered and immediately patched this bug in March 2018. We believe it occurred after launch as a result of the API’s interaction with a subsequent Google+ code change. We found no evidence that any developer was aware of this bug or abusing the API, and we found no evidence that any Profile data was misused.”
Downway To The History Of Google+
Google+ was launched in 2011 and is the company’s fourth foray into social networking, following:
- Google Buzz (launched 2010, retired in 2011),
- Google Friend Connect (launched 2008, retired by March 1, 2012), and
- Orkut (launched in 2004, as of 2013 operated entirely by subsidiary Google Brazil – retired in September 2014 and relaunched as Hello in August 2016).
Google+ features included the ability to post photos and status updates to the stream or interest-based communities, group different types of relationships (rather than simply “friends”) into Circles, a multi-person instant messaging, text and video chat called Hangouts, events, location tagging, and the ability to edit and upload photos to private cloud-based albums.
At some point, it was also observed as a close competitor to social media network Facebook. However, despite having a large user base of 540 Mn (as of October 2013), the user engagement on the platform has been much less as compared to the other platforms in this space.
In February 2014, The New York Times even likened Google+ to a ghost town, citing Google stats of 540 Mn “monthly active users”, but noting that almost half don’t visit the site.
Even Google admits it in its latest blog. “The consumer version of Google+ currently has low usage and engagement: 90% of Google+ user sessions are less than five seconds.”
Other Steps Taken By Google To Protect Privacy
The shutdown of Google+ is part of company’s drive to make its platform more secure under Project Strobe, which started at the beginning of this year. Project Strobe is a root-and-branch review of third-party developer access to Google account and Android device data and of its philosophy around apps’ data access.
“This project looked at the operation of our privacy controls, platforms where users were not engaging with our APIs because of concerns around data privacy, areas where developers may have been granted overly broad access, and other areas in which our policies should be tightened,” mentioned Google.
Under Project Strobe, Google has come across three other areas which need immediate attention. As a result, the company has taken the following measures:
- launching more granular Google Account permissions that will show in individual dialogue boxes.
- limiting the types of use cases that are permitted
- limiting apps’ ability to receive Call Log and SMS permissions on Android devices, and are no longer making contact interaction data available via the Android Contacts API.
The Sudden Growth In Number Of Data Leaks
The way global leaders have bashed Facebook over the Cambridge Analytica data scandal, it has forced the organisations worldwide to take proactive measures when it comes to data security.
The Wall Street Journal report also accused Google of not disclosing the details about the data leak, for “the fear of facing the wrath of its users.” The result? Google took a decisive step right at the start and shut down the complete platform.
India’s biggest scheme to offer a digital identity to its citizen, Aadhaar also faced months-long trial in Supreme Court, and only recently it got the legal mandate. The Indian government is further taking a tough stand on data localisation. Reports have surfaced that the government is also considering to audit the global database of foreign companies operating in India.
‘Technology is a two-edged sword’ and this has got proven at certain intervals of time. Well, it seems millennials are stepping into the world where ‘data’ will certainly become the most valuable thing so as to protect their own existence.
