Google+ has always been the butt of many jokes as a failed social network that refuses to die, but according to a new report from The Wall Street Journal and then an official response from Google itself, it looks like it's been home to a serious security vulnerability for three years that Google chose to not disclose to the public. The glitch was live for almost three years, according to the reports, but Google decided not to make the breach public because it feared regulation.
Now, the consumer version of Google+ is going away.
A vulnerability in the Google+ social network exposed the personal data of up to 500,000 people using the site between 2015 and March 2018, the search giant said Monday.
The enterprise version of Google+ is to continue.
Shortly after the report was published, Google announced that it would be shutting down Google+ for consumers, seven years after it was launched, citing the incident as part of the cause. "We found no evidence that any developer was aware of this bug, or abusing the API", Smith says, "and we found no evidence that any Profile data was misused".
Along with this, Google will also force app developers to provide more detailed explanations of what it intends to do with your Google Account if it's requesting access to it.
T minus one day to ‘Made by Google' Pixel event
After all the leaks, it's not surprising to know that Google will also reveal a new Chromecast dongle just like a year ago . It's not sure if Google will keep the wireless earbuds or not, but they are likely to add wired earbuds in Pixel 3 box.
Besides low usage, Google+ engagement rates are also defeating, with 90-percent of all sessions lasting for under five seconds, according to Alphabet's subsidiary. In other words, things like photos should not have been at risk.
Only an app users select as their default application for calls or texts will be able to request access to this data.
Affected data included Google+ profile information like names, email addresses, occupations, gender and age information, but no personal messages, according to the company, which added that it didn't find any evidence that any developer actually exploited the bug to access any of this information. The service will be wound down over the next 10 months, with the ultimate shut-down coming in August 2019.
The news comes as Silicon Valley companies have been increasingly scrutinized for their data collection practices. Google says that "only apps directly enhancing email functionality-such as email clients, email backup services and productivity services", will be given authorization. The API was created to only keep logs for two week periods.
And finally, for action 4, Google is going to limit how many apps are allowed to ask for phone and SMS data permissions in Google Play.
The company said that it often notifies users when there are security issues and flaws and user data is affected, but its privacy and data protection office said the bug did not meet the threshold. Over the course of this slow shutdown, they'll let you know of ways to download and migrate your data from it.