In an official blog post, Google has today confirmed that it is shutting down Google+ for consumers following the findings of its ‘Project Strobe’ security audit which has revealed a security bug that had been allowing third-party developers to access Google+ user profile data since 2015.
According to The Wall Street Journal (via TechCrunch), although Google had discovered and patched the bug back in March, it decided not to disclose the issue in part because of fears that doing so would draw regulatory scrutiny and would lead it to come into the spotlight alongside Facebook despite having stayed under the radar throughout the Cambridge Analytica scandal.
Google has now also announced a handful of privacy reforms in response to the breach. These include stopping most third-party developers from accessing Android phone SMS data, call logs, and some contact info. Furthermore, Gmail will restrict building add-ons to a small number of developers.
The company will also change its Account Permissions system for giving third-party apps access to your data such that you have to confirm each type of access individually rather than all at once. Gmail Add-Ons will be limited to those “directly enhancing email functionality” including email clients, backup, CRM, mail merge, and productivity tools.
“Since the bug and subsequent security hole started in 2015 and was discovered in March before Europe’s GDPR went into effect in May, Google will likely be spared a 2 percent of global annual revenue fine for failing to disclose the issue within 72 hours. The company could still face class-action lawsuits and public backlash. On the bright side, G+ posts and messages, Google account data and phone numbers, and G Suite enterprise content wasn’t exposed.”
Only time will tell if the fiasco pulls Google into the same sea of regulatory scrutiny currently drowning Facebook.