Google closes Google+ for consumers after a third-party access to account data investigation that exposed a serious privacy bug. Google kept the vulnerability months under the cap.
Stopping Google+ for consumers follows the outcome of Project Strobe a study that Google launched at the beginning of this year. That investigation involved access to Google accounts, Android devices and apps by developers outside Google itself, via APIs. “Our review shows that our Google + APIs, and the associated consumer management, are difficult to develop and maintain,” Google reports.
The company found a bug in the Google + People API, which made it possible access to profile data and the public information of friends of that person. Third party apps could also be used with profile data that the user had indicated that they had to remain protected. concerned static, optional data such as name, e-mail address, work, gender and whether the person has a relationship.
Google claims to have found the bug in March and then resolved it . An analysis showed that potentially 500,000 Google + accounts were vulnerable and that 438 accounts used the relevant API. At the same time, Google recognizes that Google+ saves logs from just two weeks, preventing the actual number of vulnerable accounts.
The company’s Privacy & Data Protection Office was notified of the bug but concluded that it was not publicity, among other things because there was no evidence that the data was abused or that developers knew about the bug. However, according to The Wall Street Journal, Google also argued that Google was afraid of reputational damage and that the company came into the sights of the authorities. At that time, the case of Cambridge Analytica, which came through an api behind data from more than 50 million Facebook users
Google takes ten months to close Google+ for consumers. The network is still suitable for enterprise users, according to the company, which recognizes that the use by consumers and developers is very low.
Project Strobe has also led to Google giving users more management options for their Google Account, with individual dialog boxes for permission. In addition, Google limits the number of apps that have access to Gmail and those apps also only have to offer functionality in the field of the e-mail. Google also limits the possibilities of apps that have access to conversation history and SMS on Android and can no longer access contact information via the Android Contact API.