Google+ shuts after bug allowed third-party developers to access user profile data

Google+ shuts after bug allowed third-party developers to access user profile data
Nearly 500,000 members of the Google+ social networking site had their user profile data left out in the open, easily accessible to third-party developers for over two years. Instead of reporting this to subscribers of the service, Google decided to just let it slide so that it wouldn't be subject to investigation by regulatory agencies. As a result of a software bug related to the APIs used for Google+, 438 apps potentially had access to names, birthdates, email addresses, profile photos, occupations and more data covering 496,951 Google+ users.

While Google says that it has no evidence that any of this information was misused, the data was left out in the open from 2015 to March 2018. That's when Google finally shut the door on the bug. An internal Google memo said that if it reported the issue, it would result in Google "coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal." A Google spokesman says that while the company was trying to decide whether or not to go public about the security breach, the company took into consideration "whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met here."

Google said today that it has decided to shut down the consumer version of the Google+ app. This was not a successful venture for Google, and the latest data showed that 90% of sessions on the app were lasting less than five seconds long. The company says that it also will cut back on the amount of data belonging to Android and Gmail users that is available to outside developers. Google plans to change the way apps ask for permissions, giving Android users more control over which permissions they want to give. In addition, Google is limiting the ability of Android apps to obtain Call Log and SMS permissions on Android devices, and is no longer allowing access to contact interaction data through the Android Contacts API.

Going forward, Google could face legal action for its failure to report the security breach to the public. Whether it was legally responsible to do so isn't totally clear. The company says that in the coming months, it will tighten up controls and policies for its APIs. By doing this, it hopes to make users of Google's apps confident that their data is secure.

How a software glitch helped developers access user data belonging to Google+ members

How a software glitch helped developers access user data belonging to Google+ members


source: Google

FEATURED VIDEO

14 Comments

1. Vokilam

Posts: 984; Member since: Mar 15, 2018

I believe a class action lawsuit is in order. Why? Because just like many users of android I was forced to get a Google plus account, even if I didn’t want it. What also pisses me off, that even if I close my account, my data is still there (correct me if I’m wrong).

4. Back_from_beyond

Posts: 1088; Member since: Sep 04, 2015

You can delete that data if you want before deleting your account. And what would you base your class action lawsuit on? There's no sign it was misused claims Google, so no one has anything to sue over. Sure you can try to claim your data was at risk, but you'll get laughed out of court. It's a good thing thay they finally decided to shutter Google+, an absolute waste of resources.

8. Vokilam

Posts: 984; Member since: Mar 15, 2018

You shmuck, you didn’t see what I did? I paraphrased what you said when Apple servers got hacked. And now your all defensive? Please tell me how this is not the same thing. Wow this was golden.

11. Back_from_beyond

Posts: 1088; Member since: Sep 04, 2015

Actually you did no such thing and this is completely different from Apple once again getting hacked. If you can't see the difference, you're an idiot.

7. mixedfish

Posts: 1542; Member since: Nov 17, 2013

It's so bad, every year a few times I have to recheck my privacy settings on the thing because my Youtube channel keeps bleeding out information and crossing over to my Gmail/Google+. Never asked for all this stuff but they keep enforcing it. And then now they just close it with a snap of the fingers? It's laughable I tell you.

2. AfterShock

Posts: 4146; Member since: Nov 02, 2012

To potentially access, no data was accessed as title implies many did which is wrong, sigh.

9. Vokilam

Posts: 984; Member since: Mar 15, 2018

So when Apple said no data was breached in recent hack - it’s bull, but if google says no data was accessed - it’s devine truth.

3. darkkjedii

Posts: 30675; Member since: Feb 05, 2011

Bugs galore in the OS’s man.

5. gamehead unregistered

Good riddance

6. thecorrescode

Posts: 40; Member since: Mar 28, 2013

Google+ still exists?

10. Vokilam

Posts: 984; Member since: Mar 15, 2018

Yes, against wishes of many that use at least one google service.

12. RebelwithoutaClue

Posts: 5473; Member since: Apr 05, 2013

You do know that a G+ account isn't created automatically when you create a Google account. Nor does it impact your Google account when you delete your G+ profile. This has been the case for 2-3 years now. I (and many others) will miss it. I know a lot of Android developers will miss it too.

14. Vokilam

Posts: 984; Member since: Mar 15, 2018

See post from mixed fish above. But I can attest that when I had my Gmail account - they added g+ and even emailed me to provide info additional about myself to complete the information already displayed on my g+. I don’t even have a Facebook account. I hate extra accounts. This drove me nuts.

13. yalokiy

Posts: 866; Member since: Aug 01, 2016

"Google+ shuts after bug allowed third-party developers to access user profile data" There is big difference between "shuts" and "will shut down sometime in the middle of 2019".

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.