SAN JOSE, California - In a shock, but not altogether surprising move, Google has announced it intends to shut down its social media network, Google+.
It will be a slow death however, as Google plans to sunset the platform over a wind-down period of ten months, to allow users a time to "transition."
Alphabet Inc which owns and operates Google and its network of products announced the closure on Monday after admitting up to a half-million users of the Google+ platform have had their personal profile data breached.
’The issue was first discovered and addressed to a degree 8 months ago.
Despite the data concerns, Google on Monday admitted that while its engineering teams have put a lot of effort and dedication into building the Google+ platform over the years, it has not achieved broad consumer or developer support, and has seen limited user interaction with apps. "The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds," Google admitted.
The shuttering of Google-plus, long anticip;ated by the market, still had a significant effect on the fortunes of Google. On Mondays it's parent Alphabet's shares plummeted by 1% to close at $1,155.92.
"Many third-party apps, services and websites build on top of our various services to improve everyone’s phones, working life, and online experience. We strongly support this active ecosystem. But increasingly, its success depends on users knowing that their data is secure, and on developers having clear rules of the road," Google said in a blog on Moday..
"Over the years we’ve continually strengthen our controls and policies in response to regular internal reviews, user feedback and evolving expectations about data privacy and security."
"At the beginning of this year, we started an effort called Project Strobe—a root-and-branch review of third-party developer access to Google account and Android device data and of our philosophy around apps’ data access. This project looked at the operation of our privacy controls, platforms where users were not engaging with our APIs because of concerns around data privacy, areas where developers may have been granted overly broad access, and other areas in which our policies should be tightened," Google said in its statement.
"We’re announcing the first four findings and actions from this review today."
Finding 1: There are significant challenges in creating and maintaining a successful Google+ product that meets consumers’ expectations.
Action 1: We are shutting down Google+ for consumers.
"Over the years we’ve received feedback that people want to better understand how to control the data they choose to share with apps on Google+. So as part of Project Strobe, one of our first priorities was to closely review all the APIs associated with Google+," the Internet giant said.
"This review crystallized what we’ve known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds."
"Our review showed that our Google+ APIs, and the associated controls for consumers, are challenging to develop and maintain. Underlining this, as part of our Project Strobe audit, we discovered a bug in one of the Google+ People APIs," the Google statement said.
"Users can grant access to their Profile data, and the public Profile information of their friends, to Google+ apps, via the API."
"The bug meant that apps also had access to Profile fields that were shared with the user, but not marked as public," said the Google blog.
"This data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age. It does not include any other data you may have posted or connected to Google+ or any other service, like Google+ posts, messages, Google account data, phone numbers or G Suite content."
"We discovered and immediately patched this bug in March 2018," said Google. "We believe it occurred after launch as a result of the API’s interaction with a subsequent Google+ code change."
Despite the patch-up, Google admitted it was unabel to identify which of the up to half-million users' data had been breached.
"We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks. That means we cannot confirm which users were impacted by this bug. However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API," Google said Monday.
"We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused."
"Every year, we send millions of notifications to users about privacy and security bugs and issues. Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice," Google said.
"Our Privacy & Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met in this instance."
"The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations. Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+," theInternet giant announced.
"To give people a full opportunity to transition, we will implement this wind-down over a 10-month period, slated for completion by the end of next August. Over the coming months, we will provide consumers with additional information, including ways they can download and migrate their data."
"At the same time, we have many enterprise customers who are finding great value in using Google+ within their companies. Our review showed that Google+ is better suited as an enterprise product where co-workers can engage in internal discussions on a secure corporate social network. Enterprise customers can set common access rules, and use central controls, for their entire organization. We’ve decided to focus on our enterprise efforts and will be launching new features purpose-built for businesses. We will share more information in the coming days," said the Google statement.
Finding 2: People want fine-grained controls over the data they share with apps.
Action 2: We are launching more granular Google Account permissions that will show in individual dialog boxes.
"When an app prompts you for access to your Google account data, we always require that you see what data it has asked for, and you must grant it explicit permission," Google said.
"Going forward, consumers will get more fine-grained control over what account data they choose to share with each app. Instead of seeing all requested permissions in a single screen, apps will have to show you each requested permission, one at a time, within its own dialog box. For example, if a developer requests access to both calendar entries and Drive documents, you will be able to choose to share one but not the other."
"This is what the process looks like today when an app requests access to any data in your consumer Google account (you've always been able to choose whether to grant that permission request):
Finding 3: When users grant apps access to their Gmail, they do so with certain use cases in mind.
Action 3: We are limiting the types of use cases that are permitted.
"We are updating our User Data Policy for the consumer Gmail API to limit the apps that may seek permission to access your consumer Gmail data. Only apps directly enhancing email functionality—such as email clients, email backup services and productivity services (e.g., CRM and mail merge services)—will be authorized to access this data. Moreover, these apps will need to agree to new rules on handling Gmail data and will be subject to security assessments. Developers can read more details on the Gmail Developer Blog. (As always, G Suite administrators are in control of their users’ apps.)," said Google.
"You can always review and control which apps have access to your Google account data (including Gmail) within our Security Checkup tool."
Finding 4: When users grant SMS, Contacts and Phone permissions to Android apps, they do so with certain use cases in mind.
Action 4: We are limiting apps’ ability to receive Call Log and SMS permissions on Android devices, and are no longer making contact interaction data available via the Android Contacts API.
"Some Android apps ask for permission to access a user’s phone (including call logs) and SMS data. Going forward, Google Play will limit which apps are allowed to ask for these permissions. Only an app that you’ve selected as your default app for making calls or text messages will be able to make these requests. (There are some exceptions—e.g., voicemail and backup apps,) said the Google statement.
"Additionally, as part of the Android Contacts permission, we had provided basic interaction data—so, for example, a messaging app could show you your most recent contacts. We will remove access to contact interaction data from the Android Contacts API within the next few months."
"In the coming months, we’ll roll out additional controls and update policies across more of our APIs. As we do so, we’ll work with our developer partners to give them appropriate time to adjust and update their apps and services," said Google.
"Our goal is to support a wide range of useful apps, while ensuring that everyone is confident that their data is secure. By giving developers more explicit rules of the road, and helping users control your data, we can ensure that we keep doing just that."