Google has announced it will be closing down its Google+ social network for consumers and giving users better control over their data. The moves come after the company’s Project Strobe, started earlier this year to review third-party developer access to Google account and Android device data, found out that the profiles of up to 500,000 Google+ accounts were likely exposed to external developers. The bug was discovered and fixed in March but the company cannot say which users were affected because it only keeps API log data for two weeks. The wind-down of Google+ for consumers will take ten months.
The Wall Street Journal reported that the company decided not to disclose the information at the time for fear of bringing in more regulatory scrutiny and of further damaging its reputation, according to sources. These added that CEO Sundar Pichai was briefed on the plan not to notify users after an internal committee had reached that decision.
In its blog report, Google noted that it will be keeping Google+ for business users and that it will soon launch new features for them. For consumers, the social network had low usage and engagement, while its APIs, and the associated controls for consumers were challenging to develop and maintain.
Regarding the bug found, the company explained that external app developers would have had access to profiles and information such as name, email address, occupation, gender and age. The company stressed that no further information, such as what was posted or connected to Google+ or any other service, would have been disclosed. Google added that it found no evidence that any developer was aware of this bug, or was abusing the API. It also found no evidence that any profile data was misused.
Google’s Project Strobe came up with four main conclusions, namely the closure of the social network for consumers, and that people, in general, want fine-grained controls over the data they share with apps. The company will, therefore, will give more information about the data users are being asked about, with explicit permission features.
Google will also limit the types of use cases that are permitted. An update to the company’s User Data Policy for the consumer Gmail API will limit the apps that can seek permission to access consumer Gmail data. Only apps directly enhancing email functionality will be authorised to access this data. The apps will also need to agree to new rules on handling Gmail data and will be subject to security assessments.
Lastly, when users grant SMS, contacts and phone permissions to Android apps, they do so with certain use cases in mind. Google will, therefore, limit app abilities to receive call log and SMS permissions on Android devices, and will no longer make contact interaction data available via the Android Contacts API.
Google plans to roll out additional controls and policy updates over the coming months.