Kellen
Update (Dec, 10): Google is pushing up the shutdown date for the consumer version of Google+, now listing the closure to take place in April, 2019 instead of August, 2019. Furthermore, shutdown of all Google+ APIs will take place within the next 90 days. In total, the bug connected to a Google+ API affected 52.5 million users, though, Google states, “No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.”
Google just announced that its failed social network, Google+, is shutting down for consumers. It has been garbage for a long time and neglected by its creators, so it’s probably about time this happened. Unfortunately, the reason they are finally shutting it down is because the service possibly exposed the data of 500,000 users’ profiles. In addition to shutting down G+, Google is also going to attempt to introduce limits on the access APIs have and give you more control over app permissions.
Just as the Wall Street Journal was posting an article that dove into the data exposure, Google announced Project Strobe. What is Project Strobe and how does it relate to this G+ security issue? Google explains Strobe as “a root-and-branch review of third-party developer access to Google account and Android device data and of our philosophy around apps’ data access.” In other words, Google neglected Google+, possibly exposed profile info, and is now realizing that it should probably tighten things up a bit.
They came to four findings with Project Strobe with four actions to take. They are:
- Finding 1: There are significant challenges in creating and maintaining a successful Google+ product that meets consumers’ expectations.
- Action 1: We are shutting down Google+ for consumers.
Finding 2: People want fine-grained controls over the data they share with apps - Action 2: We are launching more granular Google Account permissions that will show in individual dialog boxes.
- Finding 3: When users grant apps access to their Gmail, they do so with certain use cases in mind.
- Action 3: We are limiting the types of use cases that are permitted.
- Finding 4: When users grant SMS, Contacts and Phone permissions to Android apps, they do so with certain use cases in mind.
- Action 4: We are limiting apps’ ability to receive Call Log and SMS permissions on Android devices, and are no longer making contact interaction data available via the Android Contacts API.
What do you need to know from each? A few things.
For action 1, Google+ for consumers is shutting down. That’s probably a good thing. Google found that no one was using it, saying that “Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.” They do see some companies using it for business purposes and will keep it as an enterprise product, similar to Hangouts.
As for the possible data exposure, Google found a bug in an API that developers could use that exposed profile data for up to 500,000 people, even if you had marked it as private. Google says they have no evidence that any developer harvested that data and don’t show evidence that any even knew the bug existed. The info that was possibly exposed was only name, email address, occupation, gender and age. That’s it, according to Google.
Google will take the next 10 months to kill off G+ for consumers, finishing it off by August of 2019. Over the course of this slow shutdown, they’ll let you know of ways to download and migrate your data from it.
If you want to know more on that, be sure to follow through that source link.
For action 2, Google is preparing to give you more fine-grained controls over permissions in Android apps and the account data you share with them. Above, you can see how those controls will soon look. Rather than seeing all requested permissions on a single screen, you’ll soon go through each permission individually to allow to deny.
For action 3, this is related to Gmail and is limiting what permissions apps can seek as it relates to Gmail data. Google says that “only apps directly enhancing email functionality—such as email clients, email backup services and productivity services,” will be given authorization.
And finally, for action 4, Google is going to limit how many apps are allowed to ask for phone and SMS data permissions in Google Play. Soon, only the apps that you have selected as defaults for these apps will be able to make those requests. They’ll further limit these permissions by removing contact interaction data for the Android Contacts API.
So, quite a few security and privacy changes were announced here. I just gave you the briefest overview, but I suggest you jump through that link below for lengthier details. For timing, these changes will start rolling out right away and continue over many months.
RIP, G+. You won’t be missed.
Collapse Show Comments