cageymaru
Fully [H]
- Joined
- Apr 10, 2003
- Messages
- 22,429
Google has announced that it is shuttering its beleaguered social media portal Google+ in response to a security lapse where 3rd party developers could access private consumer data from 2015 until March 2018. The Wall Street Journal exposed the breach this morning. Project Strobe was an internal audit of privacy controls and a deep look into what data Google was sharing with 3rd party developers. The data from the security lapse was limited to optional Google+ profile fields including name, email address, occupation, gender and age. Google is adamant that it wasn't connected to other service like messages, Google account data, phone numbers, etc. The audit found no evidence of 3rd party developers exploiting the bug.
Google also announced new granular data privacy controls where a user will have to cycle through separate screens for each type of data that they are willing to share with 3rd party apps. They also announced that only email enhancing apps will be granted access to consumer Gmail data and the release of a security checkup tool to see which apps have access to your data. The last security enhancement that Google has announced is the limiting of Call log and SMS permissions for 3rd party apps. Basically the consumer will have to choose an app to be their default app and it will have permission to that data alone. Most recent contacts will be removed from the Android Contacts API in the future.
At the beginning of this year, we started an effort called Project Strobe--a root-and-branch review of third-party developer access to Google account and Android device data and of our philosophy around apps' data access. This project looked at the operation of our privacy controls, platforms where users were not engaging with our APIs because of concerns around data privacy, areas where developers may have been granted overly broad access, and other areas in which our policies should be tightened.
Google also announced new granular data privacy controls where a user will have to cycle through separate screens for each type of data that they are willing to share with 3rd party apps. They also announced that only email enhancing apps will be granted access to consumer Gmail data and the release of a security checkup tool to see which apps have access to your data. The last security enhancement that Google has announced is the limiting of Call log and SMS permissions for 3rd party apps. Basically the consumer will have to choose an app to be their default app and it will have permission to that data alone. Most recent contacts will be removed from the Android Contacts API in the future.
At the beginning of this year, we started an effort called Project Strobe--a root-and-branch review of third-party developer access to Google account and Android device data and of our philosophy around apps' data access. This project looked at the operation of our privacy controls, platforms where users were not engaging with our APIs because of concerns around data privacy, areas where developers may have been granted overly broad access, and other areas in which our policies should be tightened.