Monday, December 10, 2018

As another Google+ API bug surfaces, Google expedites impending shutdown

Back in October, Google confirmed that a security bug impacted users of its social network, Google+. As a result of that, the company also announced it would be shutting down the service in late 2019. Now it looks like things are speeding up, all because Google discovered yet another security bug on the platform.

Today Google officially announced that it recently discovered a new API bug that was released in November. However, it was only around for six days before Google fixed the issue. In that time, Google says it has no indication that any developers that did have access to the errant API “were aware of it or misused it in any way”.

In that short period of time, though, Google says the bug impacted 52.5 million users. Here are the major bullet points from the announcement:

  • We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.
  • With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age (full list here)—were granted permission to view profile information about that user even when set to not-public.
  • In addition, apps with access to a user’s Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.
  • The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
  • No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way

Google’s decision to shut down Google+ stems from the determination that “the significant challenges involved in maintaining a successful product that meets consumers’ expectations” were simply too much to keep working on. Of course, Google+’s “low usage” also played a part in the decision to wrap things up for the social network as well.

The company was originally going to shut the service down in August of 2019, but in light of this latest API bug, Google has decided to expedite the shutdown process and wrap things up in April 2019. This is for the consumer-focused version of Google+, mind you. The enterprise version will continue to exist.

Are you sad to see Google+ go?



source: androidandme

0 comments :

Subscribe to: Post Comments ( Atom )