It's been a while since Google+ was in the news, but that's changing today, and not for the good.
A software glitch with Google+ allowed outside developers to potentially access user data between 2015 and March 2018, according to a new report from The Wall Street Journal. According to an internal memo view by the WSJ, the data exposed included full names, email addresses, birth dates, gender, profile photos, places lived, occupation, and relationship status. Not included were phone numbers, email messages, timeline posts, or direct messages.
Google opted not to disclose this bug to the public. An internal memo from Google's legal and policy staff to senior execs said that disclosing the issue would probably result in "immediate regulatory interest." Google CEO Sundar Pichai was told of the plan not to disclose the issue. The aforementioned memo goes on to say that Google has no evidence that any outside developers misused this Google+ user data, but acknowledges that it has no way of knowing for sure that that's the case.
Following today's WSJ report, Google put up a blog post confirming that it patched the Google+ bug in March 2018. "We believe it occurred after launch as a result of the API's interaction with a subsequent Google+ code change," Google explains. After analyzing the bug for two weeks before patching it, Google found that up to 500,000 Google+ profiles were potentially affected.
Google says that it found no evidence that any developer was aware of the bug or abusing the API. It also says that it found no evidence that any user profile was misused.
Despite saying that no user profile data was misused by this bug, Google has decided to shut down the consumer version of Google+. The company explains that Google+ has not gotten broad consumer or developer adoption, with 90 percent of Google+ sessions lasting less than five seconds. The sunsetting of Google+ will be spread out over a 10-month period, with a completion goal of the end of August 2019. Users will be given a way to download and migrate their data.
Google is also planning to roll out stronger user privacy tools. The company is rolling out more granual Google Account permissions that'll require apps to show each requested permission, one at a time, in its own dialog box. Additionally, Google is updating its User Data Policy for the consumer Gmail API to limit the apps that can get permission to access your Gmail data.
Finally, Google its limiting apps abilities to get Call Log and SMS permissions on Android. Only an app that you've selected as your default calling and text app will be able to request your phone and SMS data and are no longer making contact interaction data available via the Android Contacts API. Google also says that it's no longer making contact interaction data available via the Android Contacts API.