Google+ Shuts Down In Wake Of Security Lapse

Google has shut down Google+ for consumers after it discovered a bug in one of the Google+ People APIs which gave access to Profile fields that were shared with a user but not marked as public. In a post on Monday, Google also said that the consumer version of the platform saw minimal traffic and users were more active on the enterprise version.

Google has shut down Google+ for consumers after it discovered a bug in one of the Google+ People APIs which gave access to Profile fields that were shared with a user but not marked as public. In a post on Monday, Google also said that the consumer version of the platform saw minimal traffic and users were more active on the enterprise version.

Google+ Shut down

Source: blog.google

The implementation of this sunsetting of Google+ for consumers will happen over a 10-month period while the one for enterprise customers will stay as it is. Google states that the consumer version of Google+ currently has very low usage and engagement and 90% of Google+ user sessions last less than five seconds. An effort was initiated at the beginning of this year as a part of Project Strobe which reviewed third-party developer access to Google account and Android device data. The review discovered the bug which was patched immediately in March 2018 but Profiles of around 500,000 Google+ accounts were potentially affected.

Google also refined on its account permissions controls and is now launching one with individual dialog boxes for individual requests. This means that if an app now wants to access both your Calendar entries and Drive documents, it’ll prompt two separate dialog boxes with separate requests. In both of the cases, you can choose to either accept or deny the request individually.


Source: blog.google

Many third-party apps, services, and websites build on top of our various services to improve everyone’s phones, working life, and online experience. We strongly support this active ecosystem. But increasingly, its success depends on users knowing that their data is secure, and on developers having clear rules of the road.”, wrote Ben Smith, Google Fellow and Vice President of Engineering.

Further, Google is limiting the types of use cases that are permitted in Gmail. From now on, only apps directly enhancing email functionality - such as email clients, email backup services and productivity services, will be authorized to access consumer Gmail data. Earlier this year, The Wall Street Journal detailed on how easy it is for third-party app developers to access users’ Gmail messages, upon which Google advised users to review their apps and the permissions they are granted and revoke them if necessary.

Google new policy also blocks apps from receiving Call Log and SMS permissions on Android devices via the Android Contacts API. Only the default app selected for making calls or text messages will have access to it now.

See the official blog post here.