Google Announces the Shutting Down of Google+
Internet giant Google has announced the shutting down of Google+, which was launched seven years ago and which had seen its user base dwindling considerably in recent times.
Xinhua reports, “U.S. internet giant Google said Monday that it is shutting down the consumer version of its own social networking site Google+ due to low usage and a bug discovered in March last year that could leak the data of about half a million of its users.”
The security vulnerability that reportedly catalyzed the shutting down of Google+ was discovered recently, about six months ago. The bug was causing data breach and affected many Google+ users and their friends as well.
The Guardian reports, “This March, as Facebook was coming under global scrutiny over the harvesting of personal data for Cambridge Analytica, Google discovered a skeleton in its own closet: a bug in the API for Google+ had been allowing third-party app developers to access the data not just of users who had granted permission, but of their friends.”
Google, which is a subsidiary of Alphabet Inc., had detected the bug during an internal audit called Project Strobe, which re-examined all APIs (Application Programming Interfaces) linked to Google+ to check for data leaks.
A Google blog post authored by Ben Smith, Google fellow and Vice-President of Engineering, explains the findings of the audit, which ultimately made the internet giant think of closing down the social networking site. The blog says, “Over the years we’ve received feedback that people want to better understand how to control the data they choose to share with apps on Google+. So as part of Project Strobe, one of our first priorities was to closely review all the APIs associated with Google+…This review crystallized what we’ve known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.”
The blog further says, “Our review showed that our Google+ APIs, and the associated controls for consumers, are challenging to develop and maintain. Underlining this, as part of our Project Strobe audit, we discovered a bug in one of the Google+ People APIs.”
The bug could lead to apps accessing profile information that the users had not marked as public. The Google blog says, “This data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age”, and adds, “It does not include any other data you may have posted or connected to Google+ or any other service, like Google+ posts, messages, Google account data, phone numbers or G Suite content.”
Google immediately fixed the issue through patches. However, the users who have been affected couldn’t be identified as the API log data is kept only for two weeks. The inference is that up to 500,00 accounts could have been impacted.
The Google blog post says, “We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks. That means we cannot confirm which users were impacted by this bug. However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API.”
Google also claims to have found no evidence suggesting any developer abusing the API or misusing any Profile data.
Finally, because of the issues bugging Google+, the decision to close down the social networking site has been taken. The closing down will take 10 months to happen.
The Google blog post reads, “The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations. Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+…To give people a full opportunity to transition, we will implement this wind-down over a 10-month period, slated for completion by the end of next August. Over the coming months, we will provide consumers with additional information, including ways they can download and migrate their data.”
However, Google Plus would continue to exist as an enterprise product and would also be launching “new features purpose-built for businesses”.
Kevin Jones719 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.