Google is shutting down the consumer version of Google+ because of a vulnerability. This allowed app developers to access private information about Google+ users. The vulnerability was found and patched in March this year, but it wasn’t disclosed until yesterday.
Wall Street Journal viewed an internal memo about this vulnerability. Google, fearing that disclosing the issue would be detrimental to its reputation, didn’t tell its users about the vulnerability.
However, Google reports that it found no evidence that any developer was aware of the bug. However, up to 500,000 Google+ profiles were affected by the vulnerability, and 438 applications may have used the API.
Google’s legal and policy staff stated that disclosing the incident would trigger “immediate regulatory interest.” For that reason, it delayed releasing the information, though a day before its major annual hardware event is far from the ideal timing for any bad press.
Google found the vulnerability through Project Strobe review of third-party developer access to Google account and Android device data. Through Strobe, which launched earlier this year, one of its priorities was to review all APIs related to Google+.
In a blog post, Google admitted the truth –
“This review crystallized what we’ve known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.”
Google is giving users a 10-month transition period to move out of Google+. Google+ will be built entirely for enterprise users. The company notes that it will be “launching new features purpose-built for businesses” In addition to the sunsetting of Google+, Project Strobe brings in new, more granular controls over the data Google Account owners share with apps.