Google + security bug disclosed, service to be shut down

Ruben Fields
October 9, 2018

As part of Strobe, which launched earlier this year, one of its first priorities was to review all APIs related to Google+. Shares of Alphabet Inc fell by about 1 percent in response to the story.

The information exposed in the Google+ data breach included full names, email addresses, birth dates, gender, profile photos, places lived, occupation, and relationship status.

Even if you, like many, haven't used your Google+ account, it could still be at risk.

Play Store apps will no longer be allowed to access text message and call logs unless they are the default calling or texting app on a user's device or have an exception from Google. To make matters worse, Google decided not to share knowledge of the data breach when it was discovered in March. No developer exploited the vulnerability or misused data, the company's review found.

Google reports that it found no evidence that any developer was aware of the bug, or that any abuse occurred.

The bug was discovered in March of 2018, but was presumed to have been open since sometime in 2015.

The issue apparently came about when a user granted permission to an app, allowing it to access their public data.

Google's failed attempt at a social media platform, Google+, will soon be coming to an end.

Wozniacki comes full circle by reclaiming China Open title
Open champion Naomi Osaka in the semifinal, but couldn't handle the second-seeded Wozniacki's punishing groundstrokes. Fognini withdrew from the semi-final because of ankle pain.

It also announced other security features.

The bug was patched two weeks after it was initially discovered (Google took two weeks to analyze the data before patching the hole), but has now chose to shut down Google+ as a consumer service.

Android data access is being restricted to app developers.

Applications tailored to augment Gmail will also face new rules regarding data handling and be subject to security assessments, according to the company. They'll further limit these permissions by removing contact interaction data for the Android Contacts API. The company has found no evidence that Profile data was misused.

Only email clients, email backup services and productivity services will be able to access this data.

Google says the consumer version of the Google+ will be shuttered by next August, though companies may still use a different version.

In a memo viewed by WSJ that was sent to senior executives, including CEO Sundar Pichai, Google's legal and policy staff stated that disclosing the incident would trigger "immediate regulatory interest".

A major security bug appears to also be to blame for the Google+ shutdown. "Given these challenges and the very low usage of the consumer version of Google+, we made a decision to sunset the consumer version of Google+", Google said in the blog announcement.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER