Google Plus to go sunsetting after developers find API exposing accounts

Last Updated: Tue, Oct 09, 2018 11:45 hrs

Seems Google's attempt at social networking may go down the drain after all.

The search technology major which had pulled the plug on Orkut, may plug the lifeline on Google Plus, a social networking product that was initially hailed as a competitor to Facebook but never went any closer owing to engagement.

The tech giant is contemplating shuttind down the networking site with a senior Google representative claiming that a technical glitch had compromised accounts and personal information of nearly 500,000 users.

Ben Smith, a Google Fellow and vice-president of engineering, in Google's blog post on Monday noted that it could not be verified how many users were impacted by the bug but analysis showed that "profiles of up to 500,000 Google+ accounts were potentially affected."

The bug was exposed last summer according to Washington Post, but Google claimed that it had not been used to abuse accounts.

In fact the report said that Google may have had info on the glitch as eaerly as March 2015-18, with internal investigators detecting and attempting to fix the issue.

The internal team believed that disclosing the incident would invite comparisons similar to Facebook's leak of user information to data firm Cambridge Analytica.

Surprisingly, Google's internal team appraised Sundar Pichai of it's decision not to inform customers. Pichai in the meanwhile made multiple public appearances but not even once raised the issue of security.

What is this Social Bug:

  • A User signs up for Google services and enters relevant details such as Gender, birth date, relationship status etc for accessing Google Plus services.
  • The User specifically makes his profile visible only to his friends.
  • One of his friends however signs up for an app and gives it permission to access his individual profile information.
  • The bug allows detection details of the friend as well as the other user.
  • Google was reported as saying that the glitch was discovered and fixed in March 2018. Says, no misuse of data.

Smith detailed in his blog that nearly 438 applications had used the API. "We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any profile data was misused," he said.

He further wrote that The technical bug was detected as part of an effort called Project Strobe started by Google early this year. It is a root-and-branch review of third-party developer access to Google accounts and Android device data and of our philosophy around apps' data access.

"This project looked at the operation of our privacy controls, platforms where users were not engaging with our APIs because of concerns around data privacy, areas where developers may have been granted overly broad access, and other areas in which our policies should be tightened," Smith said.

Smith, announced that Google Plus will not be shut down immediately but reported of a "Sunsetting".

He wrote, "To give people a full opportunity to transition, we will implement this wind-down over a 10-month period, slated for completion by the end of next August. Over the coming months, we will provide consumers with additional information, including ways they can download and migrate their data."

Google also announced launch of more granular Google account permissions that will show in individual dialog boxes.

"When an app prompts you for access to your Google account data, we always require that you see what data it has asked for, and you must grant it explicit permission," he said.

"Going forward, consumers will get more fine-grained control over what account data they choose to share with each app. Instead of seeing all requested permissions in a single screen, apps will have to show you each requested permission, one at a time, within its own dialog box," Smith said.

More from Sify: