Published: Mon, October 08, 2018
Tech | By

Google shutting down Google

Google shutting down Google

But managers at the company chose not to go public with the bug, however, because they anxious that it would invite scrutiny from regulators, particularly in the wake of Facebook's recent security missteps.

Shortly after the report was published, Google announced that it would be shutting down Google+ for consumers, seven years after it was launched, citing the incident as part of the cause. In other words, Google neglected Google+, possibly exposed profile info, and is now realizing that it should probably tighten things up a bit.

The WSJ quoted an internal Google memo that said doing so would draw "immediate regulatory interest". The company was careful to frame the decision as only affecting the consumer version of Google+, suggesting the data-tying component of the platform will continue to live on as an enterprise feature under the same name.

News of the bug sent shares of Google's parent company, Alphabet, down as much as 2.2 percent to $1,142.43 on Monday afternoon.

Just like with Facebook and Twitter, Google+ users can also allow a third-party app to access the public profile information of a user's friends. However, up to 500,000 Google+ profiles were affected by the vulnerability, and 438 applications may have used the API.

Google said it would continue to offer private Google+-powered networks for businesses now using the software. Google found no evidence of data misuse. Google says that "only apps directly enhancing email functionality-such as email clients, email backup services and productivity services", will be given authorization.

The company said the bug was located in the Google+ People API. While found and patched in March 2018, it was not disclosed until today. Still, as part of the response to the incident, Google is planning to shut down the social network permanently, the Journal said.

So, quite a few security and privacy changes were announced here. This should translate to only your default phone and texting apps having access to your call and SMS data. Users have to provide "explicit permission" in order for them to gain access to it. The API was created to only keep logs for two week periods.

The firm is also ending access to contact interaction data on Android devices.

Only email clients, email backup services and productivity services will be able to access this data.

As for consumers, Google is now promising new security rules and tools to avoid a similar goof again. Google CEO Sundar Pichai was briefed on the decision to not disclose the finding, after an internal committee had already decided the plan, the Journal said.

In the blog post, Google said it did not immediately announce the problems with Google+ because it was not sure which users to inform, who they were and what affected users could do to protect themselves.

Like this: