Published: Tue, October 09, 2018
Tech | By

Irish data regulator seeks information from Google on security bug

Irish data regulator seeks information from Google on security bug

The issue was discovered and patched in March as part of a review of how Google shares data with other applications, Google said in a blog post.

Google+ has always been the butt of many jokes as a failed social network that refuses to die, but according to a new report from The Wall Street Journal and then an official response from Google itself, it looks like it's been home to a serious security vulnerability for three years that Google chose to not disclose to the public.

Google said it would continue to offer private Google+-powered networks for businesses now using the software.

In addition, Google Account permissions dialog boxes will be split to show each requested permission, one at a time, within its own dialog box.

The demise of Google+ also came as a result of a bug discovered past year but acknowledged for the first time by Google on Monday, and the flaw in one of its Google+ "People APIs" exposed some private user data to third-party developers, including such information as the occupations, genders, ages, and email addresses of many users.

"We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any profile data was misused", Google said in a blog post. From there, you will need to select the Google+ data you want to download, but first, you'll need to hit the "Select None" button, and then select specific services.

Now, users will be given greater control over what account data they choose to share with each app.

Apps will be required to inform users what data they will have access to.

The firm is also ending access to contact interaction data on Android devices.

Only an app users select as their default application for calls or texts will be able to request access to this data.

Several policies Google introduced on Monday are created to curb the data accessible to developers offering mobile apps on the Google Play store or add-on apps for sending and organising Gmail messages.

"Only apps directly enhancing email functionality - such as email clients, email backup services and productivity services (e.g., CRM and mail merge services) - will be authorised to access this data", Smith added.

The firm has also promised to institute new security rules, including limits around the types of use cases that are permitted to access consumer Gmail data.

According to a blog post from Google, the network's anemic user base isn't the only reason they've chose to wind down the service.

Google Chief Executive Officer Sundar Pichai was briefed on the plan not to notify users after an internal committee had reached that decision, according to WSJ. But they did let slip one soul-crushing factoid: 90% of Google+ user sessions last less than five seconds.

Low usage combined with the security challenges mean Google will wind down Google+ over the next 10 months, although it will continue to provide the service to businesses.

The announcement comes as public scrutiny has intensified around Silicon Valley tech giants' management of user data, among other issues.

The closure isn't because people are happier using Facebook and Twitter instead of Google's service.

Like this: