Google Announces New Data Controls and the Closing of Google+ After Security Lapse


Fully [H]
Apr 10, 2003
Google has announced that it is shuttering its beleaguered social media portal Google+ in response to a security lapse where 3rd party developers could access private consumer data from 2015 until March 2018. The Wall Street Journal exposed the breach this morning. Project Strobe was an internal audit of privacy controls and a deep look into what data Google was sharing with 3rd party developers. The data from the security lapse was limited to optional Google+ profile fields including name, email address, occupation, gender and age. Google is adamant that it wasn't connected to other service like messages, Google account data, phone numbers, etc. The audit found no evidence of 3rd party developers exploiting the bug.

Google also announced new granular data privacy controls where a user will have to cycle through separate screens for each type of data that they are willing to share with 3rd party apps. They also announced that only email enhancing apps will be granted access to consumer Gmail data and the release of a security checkup tool to see which apps have access to your data. The last security enhancement that Google has announced is the limiting of Call log and SMS permissions for 3rd party apps. Basically the consumer will have to choose an app to be their default app and it will have permission to that data alone. Most recent contacts will be removed from the Android Contacts API in the future.

At the beginning of this year, we started an effort called Project Strobe--a root-and-branch review of third-party developer access to Google account and Android device data and of our philosophy around apps' data access. This project looked at the operation of our privacy controls, platforms where users were not engaging with our APIs because of concerns around data privacy, areas where developers may have been granted overly broad access, and other areas in which our policies should be tightened.
Part of me is sad to see google+ being shuttered, but it was kind of inevitable. They never got the traction to really get going. Why? Because it wasn't a hotornot clone for colleges... that's how facebook started.
Is it bad that unless a databreach includes Passwords, Social security numbers, or credit card information... I honestly just don't care anymore?

I mean if it doesn't include those 3 - it's likely already available elsewhere anyhow.
Google was in prime position to end Facebook with Google+, and they screwed it up by making people beg for invites, making it "exclusive" and about who you know rather than who you are. Lots of people, including myself, stayed away because of the elitism. If they had merely opened the platform to everyone from the start, Facebook would be today's MySpace. Everyone would have moved. One of the biggest tech failures of our time, and it was all because of the ill conceived rollout.
"We have no undetected hacks"

If there was ever a more self serving statement....

Facebook gets crucified for coming forward, so far barely a burp with Google burying the lead - guess what companies are going to do in the future?

Good thing they dropped the whole "don't be evil" from their corporate governance.
Aaaand now because of Action 4, i (and lot of other developers) will have to redo our OTP reading code. Yay so much fun.
I really never found a functional reason to care about Google+, what more do I need to say?
Now if they will only let me opt out of how THEY GOOGLE use my data for advertising purposes.....
Nearly 3 full years of a "lapse"

meanwhile the long lasting effects of what "private" information got taken means that consumers will just have to fend for themselves.