Google recently announced that it is shutting down Google+, with the service expected to cease operating by Nov. 2019. The announcement came on the heels of a report that an API bug exposed the profile data of 500,000 Google users using 438 different apps. However, Google claims the issue had been resolved back in March.
The decision to phase out Google+ came after Google launched a review of third-party developer access at the start of the year. The review apparently proved what the company had already known—that consumers and developers are not that interested in the platform. The service reportedly has “low usage and engagement,” with the majority of user sessions lasting less than five seconds.
What Happens to Google+ Now?
Google+ users will have ample time to transition. The phase-out is expected to be completed by August 2019 and the company will be releasing additional information in the next few months on how to migrate data.
However, Google intends to keep Google+ open for enterprise customers. But it will be rolling out new features to keep its enterprise version more secure and effective.
Aside from announcing its phase-out of Google+, the company also said its other services will be receiving privacy adjustments. Some of these adjustments include changes to API that will curtail developers’ access to user data on Gmail and Android. The changes will also ensure that developers won’t be receiving call logs and SMS permissions. Contact and basic interaction data from the Android Contacts API will also be blocked.
Keeping Things Quiet
While the security vulnerability occurred several months ago, it was only revealed recently in a Wall Street Journal report which said the breach exposed information like name, age, gender, occupation, and email address of users who listed their profile as private.
In a blog post, Google explained its decision not to reveal the issue to users.
According to Ben Smith, Google’s Vice President of Engineering, the company did not find any evidence of anyone accessing the profile data. There was also no evidence that the API was abused or that any developer was aware of the bug. Google’s “Privacy & Data Protection Office” also evaluated the issue and decided that none of the “thresholds” they were looking for were met.
Experts say that there’s no legal requirement that obliges Google to reveal the security vulnerability. However, Google’s decision to keep things quiet and a memo shared to the Journal warning senior executives against disclosing the existence of the bug will undoubtedly raise privacy and security questions again.[Feature image via Google]