In October, Google announced that it would be shutting down Google+ a bug was discovered. The bug was first discovered in March, but was not publicly disclosed until October. This resulted in transparency concerns.
Google, in response, announced that they’ll shut down the consumer version of Google+.
Thanks to another security flaw, Google on Monday made a new announcement. The company said the shutdown of Google+ will come sooner than originally scheduled. Google+ is now going off completely next April, instead of the previously scheduled August.
While the site is closing in April, API access to the network will be cut off in the next 90 days.
Yet another Google experiment going down…
According to Google, it found this new vulnerability on its own, this time around. And this vulnerability has affected over 50 million users who could have lost their profile information to developers. Users’ name, email address, occupation and age include information that may have been exposed.
David Thacker, Google’s vice president of project management wrote on their blog: “With the discovery of this new bug, we have decided to expedite the shut-down of all Google+ APIs; this will occur within the next 90 days”.
“In addition, we have also decided to accelerate the sunsetting of consumer Google+ from August 2019 to April 2019. While we recognize there are implications for developers, we want to ensure the protection of our users.”
What actually happened?
Thacker says they did a software update in November and that contained the flaw. But Google fixed the flaw within a week. He also believes while they fixed the flaw developers could have accessed the users’ profile information.
“With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile — like their name, email address, occupation, age — were granted permission to view profile information about that user even when set to not-public. In addition, apps with access to a user‘s Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.”
So, what next?
Nonetheless, Thacker says Google has “no evidence that the app developers that inadvertently had this access for six days were aware of it or misused.” He continued: “We understand that our ability to build reliable products that protect your data drives user trust… We have always taken this seriously, and we continue to invest in our privacy programs.”
Note, Google shutting down the consumer side of Google only. It will still operate the enterprise version of Google+ for companies that have subscribed to its G Suite service.