Google today revealed that it’s shutting down the consumer version of Google+. The service will wind down over the next 10 months, with the goal of finishing the shutdown by the end of August 2019. Users will be able to download and migrate their data. As for why it’s being shut down, Google says that Google+ has “low usage and engagement”, with 90 percent of G+ user sessions lasting less than five seconds.
A major security bug appears to also be to blame for the Google+ shutdown. Google said today that it found a bug in one of the Google+ People APIs that allowed developers access to profile data like full names, email addresses, birth dates, gender, profile photos, places live, occupation, and relationship status. Info like phone numbers, email messages, timeline posts, and direct messages were not surfaced by this API.
According to a report from The Wall Street Journal, this bug existed from 2015 through March 2018, and Google confirms that it patched the bug in March 2018 after it discovered its existence. Before patching it, Google ran an analysis and found that up to 500,000 Google+ accounts were affected. The company does say that it found no evidence to show that any developer was aware of the bug or that any profile data was misued.
Interestingly, the aforementioned WSJ report says that Google’s legal and policy staff sent a memo to senior executives warning that disclosing the bug would probably result in “immediate regulatory interest”. Google CEO Sundar Pichai was allegedly briefed on the company’s plan not to notify users about the bug.
“Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice,” a Google spokesman told the WSJ, saying that the criteria include whether it could identify users to warn about the bug, whether there’s evidence of misuse, and whether there are any actions a developer or user could take in response to the bug. “None of those thresholds were met here,” he said.
Google+ may not be the biggest social network — far from it, according to Google — but there are some folks out there that use it, so the news of its shutdown is a bit disappointing for them. G+ did have some interesting ideas, like its concept of Circles for deciding who you share posts with. Now that G+ is shutting down, maybe we’ll see some of those ideas used in other social networks.
Google today also revealed some more steps that it’s taking to help protect user data. These include more granular Google Account permissions that’ll appear in their own individual dialog boxes and updating the User Data Policy for the consumer Gmail API to limit the apps that can seek permission to your consumer Gmail data. Google also says that it’s limiting apps’ ability to get your Call Log and SMS permissions on Android devices, allowing only an app that you’ve selected as your default calling and texting app to make these requests.