Google announced it is shutting down the consumer version of its online social network after fixing a bug exposing private data in as many as 500,000 accounts. Google discovered a skeleton in its own closet: a bug in the API for Google+ had been allowing third-party app developers to access the data not just of users who had granted permission, but of their friends. In a post about the shutdown, Google disclosed the data leak, which it said potentially affected up to 500,000 accounts. Up to 438 different third-party applications may have had access to private information due to the bug, but Google apparently has no way of knowing whether they did because it only maintains logs of API use for two weeks.
Google announced the first four findings and actions
Finding 1: There are significant challenges in creating and maintaining a successful Google+ product that meets consumers’ expectations.
Action 1: Shutting down Google+ for consumers.
Finding 2: People want fine-grained controls over the data they share with apps.
Action 2: Google launching more granular Google Account permissions that will show in individual dialog boxes.
Finding 3: When users grant apps access to their Gmail, they do so with certain use cases in mind.
Action 3: Google is limiting the types of use cases that are permitted.
Finding 4: When users grant SMS, Contacts and Phone permissions to Android apps, they do so with certain use cases in mind.
Action 4: Google is limiting apps’ ability to receive Call Log and SMS permissions on Android devices, and are no longer making contact interaction data available via the Android Contacts API.
Additionally, Google said in a statement that ”
In the coming months, we’ll roll out additional controls and update policies across more of our APIs. As we do so, we’ll work with our developer partners to give them appropriate time to adjust and update their apps and services.
Our goal is to support a wide range of useful apps, while ensuring that everyone is confident that their data is secure. By giving developers more explicit rules of the road, and helping users control your data, we can ensure that we keep doing just that.”