Google has announced it is to shut down its social media network Google+ after the tech giant suffered a massive data breach that exposed 500,000 users to more than 438 third-party developers.
According to Google a security flaw in one of Google+’s People APIs allowed third-party developers to access data such as usernames, email addresses, occupation, date-of-birth, profile photos and gender-related information.
Google assured those potentially affected that they had found no evidence that any developer had been aware of the bug, or that any of the data was misused.
Google discovered the vulnerability in March, but the flaw has been present since at least 2015. It is thought the company had delayed disclosing the breach when Facebook was embroiled in the Cambridge Analytica scandal.
Following the security breach, Google then took the decision to close down Google+, acknowledging that the service had failed to gain broad adoption or significant impact with consumers. It found that 90% of user sessions were less than five seconds. The service will finally shut down by August 2019. It will though continue as a product for Enterprise users.
Following the decision to shutdown Google+, the company announced it had reviewed third-party developer access to Google account and Android device data. And, as a consequence have introduced new privacy controls.
Currently, when third-party developers prompt a user for access to their Google account data, clicking the Allow button meant approving all requested permissions at once.
Now Google has updated its Account Permissions system so that it asks for each requested permission individually rather than all at once. This should give users more control over what type of account data they choose to share with each app. Google has also limited access to Gmail for apps that only directly enhance the email functions.
The tech giant has also tightened up security to prevent abuse and potential leakage of sensitive calls and text log data. For instance, to prevent users’ abuse against surveillance and commercial spyware apps Google has now included a new rule under its Google Play Developer Policy that will limit Call Log and SMS permission usage to your default phone or SMS apps only.
The changes are part of Google’s Project Strobe, which they describe as a root-and-branch review of third-party developers’ access to Google account and Android device data, as well as its general idea around apps’ data access.
And, while these changes are now available, developers have been given 90 days, till 6 January 2019 to update their apps and services.
If you currently have a Google+ account here’s how to safely delete it.
First download your data
To save any of the data you shared on your Google+ account, including photos, visit Google Takeout’s ‘Download Your Data’ page, select Google+. Choose Next and then select how you would like your archive delivered.
You can be sent a download link via email, the archive can be placed in your Google Drive or it can be uploaded to Dropbox or Microsoft OneDrive, with the links emailed to you.
Delete your Google+ profile
Sign in to your account at google.com/downgrade and follow the instructions to delete your Google+ profile. If you don’t see the downgrade page and instead see an upgrade, you have already deleted your Google+ profile.
For the Google+ Android app
Google reveals on a support page that the Google+ app can’t be deleted on some Android devices, but they can be disabled. Either way you’ll need to open your Android device’s Settings app, choose Apps & Notifications, select Google+ and then tap uninstall or disable.
Image: Google Inc