By Pascal Oparada
Google is shutting down its social media platform, Google+, after failing to disclose a bug, which allowed the third party to mine data of about 500,000 users on its platform.
In what seems to be Facebook’s Cambridge Anaylytica moment, the tech giant said that it discovered a security bug which allowed third-party developers to access Google+ user profile data since March 2015 but decided to keep quiet about it.
When a user gave permission to an app to access its public profile data, the bug also lets those developers pull their and their friends’ non-public profile fields.
Indeed, 496,951 users’ full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status were potentially exposed, though Google says it has no evidence the data was misused by the 438 apps that could have had access, TechCrunch reports.
Disclosure will likely result “in us coming into the spotlight alongside or even instead of Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal”, Google policy and legal officials wrote in a memo obtained by the Journal. It “almost guarantees Sundar will testify before Congress”, the memo said, referring to the company’s CEO, Sundar Pichai. The disclosure would also invite “immediate regulatory interest”.
Shortly after the story published, Google announced that it was shutting down consumer access to the platform and improve privacy protection for third-party applications.
In a blog post, Google said up to 438 different third-party applications may have had access to private information due to the bug,
but Google apparently has no way of knowing whether they did because it only maintains logs of API use for two weeks.
“We found no evidence that any developer was aware of this bug or abusing the API, and we found no evidence that any profile data was misused,” Ben Smith, the vice-president of engineering, wrote in the blog post.
He defended the decision not to disclose the leak, writing: “Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice.”
The news came from a Wall Street Journal report which said Google will announce a slew of privacy reforms in response to the bug.
The changes include stopping most third-party developers from accessing Android phone SMS data, call logs and some contact info. Gmail will restrict building add-ons to a small number of developers. Google+ will cease all its consumer services while winding down over the next 10 months with an opportunity for users to export their data while Google refocuses on making G+ an enterprise product.
Just last week, Facebook reported a hack that affected millions of users in its platform and may face fines from the European Union over data breach following its General Data Protection Regulation which came into effect May this year.
It remains to be seen if the same measure would be meted to the search engine giant.
