Published: Tue, October 09, 2018
Tech | By Constance Martin

Google+ to be killed after bug exposed up to 500,000 accounts

Google+ to be killed after bug exposed up to 500,000 accounts

Google+ has always been the butt of many jokes as a failed social network that refuses to die, but according to a new report from The Wall Street Journal and then an official response from Google itself, it looks like it's been home to a serious security vulnerability for three years that Google chose to not disclose to the public.

The API flaw allowed third-party app developers to access profile and contact information that chose to sign into the apps via Google.

A flaw was discovered in March that exposed personal information of up to 500,000 people.

The shut down will take place over a 10 month period, with the social network shutting down in August 2019. "We made a decision to sunset the consumer version of Google+", the company said in the post. "As part of its response to the incident, the Alphabet Inc. unit plans to announce a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+". The platform does indeed enjoy mild traction with business and enterprise users looking to facilitate communication for their teams, and Google+ will stay around to fulfill that role in some capacity.

However, while doing this security review, Google decided that keeping the social network going was too much work.

A Google spokesperson cited "significant challenges in creating and maintaining a successful Google+ that meets consumers' expectations" along with "very low usage" as the reasons for the move.

LG V40 ThinQ with 5 cameras, Snapdragon 845 SoC launched: Price, specifications
However, LG is still sticking to its backend Fingerprint sensors for the smartphone, unlike its potential rivals. The price is a bit high but not exactly a surprise since premium phones continue to get more and more expensive.

The Wall Street Journal separately reported Monday that Google executives delayed announcing problems with Google+ because of concerns about its reputation and the danger of sparking new pushes for regulation.

Google admits that Google+ has failed to achieve broad consumer or developer adoption since its introduction.

For those wanting to save their Google+ data before the network sunsets, this can be done through Google Takeout while logged in with your Google account. This exploit was patched in the Spring, but Google isn't taking any more chances and is upping the ante on its API's as well as protecting its customers data. Specifically, third-party applications linked to G+ accounts "had access to Profile fields that were shared with the user, but not marked as public". The change makes it so users must individually grant or deny each permission to access data in their consumer Google account, rather than accept or deny permissions all at the same time.

Play Store apps will no longer be allowed to access text message and call logs unless they are the default calling or texting app on a user's device or have an exception from Google.

Google also said it would begin restricting the data it provides to outside developers.

Like this: