Google is shutting down its long-neglected Facebook competitor Google+ following the disclosure of a vulnerability that could have resulted in third-party developers accessing private data from around 500,000 users, the company announced Monday.
Per WSJ, a "software glitch" allowed user data to be potentially exposed to unwanted eyes from 2015 all the way through March 2018 when Google learned about it. "The consumer version of Google+ now has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds", the company said in a statement.
Google+ has always been the butt of many jokes as a failed social network that refuses to die, but according to a new report from The Wall Street Journal and then an official response from Google itself, it looks like it's been home to a serious security vulnerability for three years that Google chose to not disclose to the public. However, it says it has tracked down "up to 438" apps that may have used the API in question.
Google also noted that the data that was exposed was limited to "optional Google+ Profile fields including name, email address, occupation, gender and age". The consumer version of Google+ now has low usage and engagement: "90 percent of Google+ user sessions are less than five seconds".
'We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any profile data was misused, ' Smith said. Users' private messages were not affected, according to the company.
Just as the Wall Street Journal was posting an article that dove into the data exposure, Google announced Project Strobe. Now, only apps that fit a particular use case will be able to access these permissions. Chief Executive Sundar Pichai was briefed on the plan not to notify users after an internal committee had reached that decision, the people said.
We made Google+ with privacy in mind and therefore keep this API's log data for only two weeks. The first move? Shut down Google+ for consumers.
The announcement comes as public scrutiny has intensified around Silicon Valley tech giants' management of user data, among other issues.
Google said Monday that it will phase out Google+ over the next ten months. Over the course of this slow shutdown, they'll let you know of ways to download and migrate your data from it.
In the blog post, Google said it did not immediately announce the problems with Google+ because it was not sure which users to inform, who they were and what affected users could do to protect themselves.
Google says it will give users a 10-month period to transition out of Google+, slated for completion by the end of next August.
And finally, for action 4, Google is going to limit how many apps are allowed to ask for phone and SMS data permissions in Google Play.