In a world where there seems to be a new social network data breach every couple of weeks, according to a Wall Street Journal report, a software glitch within Google+ potentially gave third-party developers access to hundreds of thousands of user’s private data.
Following this report being published, Google announced that it found the security hole in part thanks to something the company is calling Project Strobe. To make sure something like this Google+ leak doesn’t happen again, this new initiative is set out to protect user’s privacy and limit the amount of data developers have access to across the web and Android.
The real concern here is that Google reportedly became aware of the security glitch several months ago but failed to disclose the issue due to “fears that doing so would draw regulatory scrutiny and cause reputational damage.”
According to the WSJ, this vulnerability was live between 2015 and March 2018. Thankfully, according to Google, no developer was aware of the bug, was misusing the Google+ API, or had misused private data from users’ profiles.
One of the changes that Google is making to help give users even more control over their data is more in-depth permission dialog boxes. As you can see from the above screenshots, instead of just offering a master “Allow” button that gives the third-party access to various items, the new permission box will be more granular, details each data type at length, and provide users with the ability to allow or deny each thing.
Google is also making some changes to its Gmail API and is limiting Android apps that request to receive Call Log and SMS permissions. Now, only apps that fit a particular use case will be able to access these permissions.
Because of all of this, Google announced that it would be shutting down Google+ for consumers. The search giant states that it wasn’t able to maintain “a successful Google+ product that meets consumers’ expectations.” The user-facing aspects of the platform will shut down over the next 10 months.