After security breaches reported by the Wall Street Journal, Google has decided to sunset Google+. According to the company’s blog post, the consumer version of Google+ will be shut down over the next 10 months. The company cited security breaches and the failed recognition of the product as reasons for the shutdown. A bug was discovered in the product’s software that could give its developers access to the private profile data of over 500,000 users. The company maintains that the data that could be accessed was static data, that is, optional profile information such as name, mobile number, gender, age and occupation. It also says that no other data posted or connected to Google+ or any other service, such as Google+ posts, messages, Google account data, phone numbers or G Suite content, was breached. The bug was discovered and patched in March 2018 but was not disclosed to the public or to Google+ users, for fear of regulatory scrutiny. Google says there is no evidence that the developers were aware of this bug or that the data was misused.
Failed Recognition
Google has admitted that Google+ had not achieved popularity since its introduction, and this failed recognition was confirmed in the review (Project Strobe) that was conducted early this year. Usage and engagement of the application were shockingly low, with almost 90% of user sessions lasting less than 5 seconds. Google put a lot of effort into making Google+ more acceptable and hoped more people would adopt it. Many also believe that Google+ was created to fend off Facebook. That Google+ will be missed is a joke, but it’s worth noting that even a global giant can go wrong sometimes. This shutdown was coming eventually, but it was the security breach that forced the close so soon.
More from the review
The findings of this review regarding Google+ are:
- There was a bug in the Google+ People APIs that gave access to user profile data that was not marked as public. Around 500,000 Google+ profiles were potentially affected.
- Google could not confirm which particular profiles could be affected.
- The breached user data is static data, like the optional profile fields for name, email address, age, gender and occupation.
- No other data posted to or connected to Google+ or any other related services could be accessed.
- This bug was discovered and immediately patched in March 2018.
- No evidence was found that the developers knew about this bug or misused the profile data.
- The data access granted to apps through Google accounts is going to be fine-grained. The user can explicitly choose to grant or deny access for every action that the app requests.
- The extent of the access granted to a user’s Gmail account is going to be limited henceforth. Only apps directly enhancing email functionality—such as email clients, email backup services and productivity services (e.g., CRM and mail merge services)—will be authorized to access this data.
- SMS permissions and Call Log access on Android devices cannot be accessed through Android apps. Going forward, contact interaction data will not be available via the Android Contacts API.