The demise of Google+ also came as a result of a bug discovered previous year but acknowledged for the first time by Google on Monday, and the flaw in one of its Google+ "People APIs" exposed some private user data to third-party developers, including such information as the occupations, genders, ages, and email addresses of many users. The technology giant opted not to disclose the problem last spring, the Journal reported, in part because of fears of attracting regulatory scrutiny. According to the Journal, Google discovered that for two to three years ending earlier in 2018, outside companies that could hook their apps into Google+ were able to access some information that friends of Google+ users meant to keep private, including their birth dates and profile photos.
Google says it hasn't found any evidence that developers were aware of the bug, so it's unlikely that anyone abused it.
In a blog post, the company admitted Google+ had failed to achieve "broad consumer or developer adoption" since it launched as a would-be Facebook rival in 2011. Basically, the Google+ Application Programming Interface allowed third-party apps integrated with the service to access data that users had marked private.
"The consumer version of Google+ now has low usage and engagement", Smith notes in a new blog post. Still, Facebook's Cambridge Analytica breach was revealed in March, and that didn't prevent a £500,000 ($652,000) fine by Britain's Information Commissioner's Office.
"It does not include any other data you may have posted or connected to Google+ or any other service, like Google+ posts, messages, Google account data, phone numbers or G Suite content", said Ben Smith, Google Fellow and vice president of engineering. But people absolutely do not agree to whatever arrangements those companies make with outside parties to pass along personal information or data.
"The story here isn't really the potential data breach (which may affected hundreds of thousands) or that Google is shutting down Google+", proclaimed Mac.
Pichai has agreed to testify before Congress in the coming weeks.
Even if a third party did not exploit the security vulnerability identified by Google, the SEC would likely be interested in whether investors were properly notified about the risks and about the incident, Stark said.
Google goes "beyond legal requirements" and applies "several criteria focused on our users" when deciding whether to provide notice, a spokesperson said in a statement. In addition, Google is limiting the ability of Android apps to obtain Call Log and SMS permissions on Android devices, and is no longer allowing access to contact interaction data through the Android Contacts API.