Google potentially exposed the private data of users of Google+
By Guy Avtalyon
This has happened to social network users before: data they believed was private became public.
What happened with Google+?
Google potentially exposed the private data of hundreds of thousands of users of the Google+ social network. But the company opted not to disclose the issue this past spring, fearing that doing so would draw regulatory scrutiny and cause reputational damage.
On Monday the Alphabet Inc. unit announced a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+. This is one of Google’s biggest failures and the final nail in the coffin of a product that was launched in 2011 to challenge Facebook Inc.
A problem appeared
A software glitch in the social network site gave outside developers potential access to private Google+ profile data between 2015 and March 2018.
When internal investigators discovered the problem, they allegedly fixed it.
According to some reports, a memo prepared by Google’s legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger “immediate regulatory interest” and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica.
Chief Executive Sundar Pichai was briefed on the plan not to notify users after an internal committee had reached that decision.
Google is down
In its announcement on Monday the 8th of October, the company said it is curtailing the access it gives outside developers to user data on Android smartphones and Gmail.
This incident, which hasn’t been previously reported, shows an attempt to avoid public scrutiny of how Google+ handles user information. It comes at a time when regulators and consumer privacy groups are seeking to hold tech giants accountable for the vast power they wield over the personal data of billions of people.
“Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice,” a Google spokesman said in a statement. The company considered “whether we could accurately identify the users to inform, whether there was any evidence of misuse and whether there were any actions a developer or user could take in response,” he said. “None of these thresholds were met here.”
Allegedly, the company has no evidence that any outside developers misused the data, but it acknowledges it has no way of knowing for sure. The exposed profile data didn’t include phone numbers, email messages, timeline posts, direct messages or any other type of communication data, but everything else was in plain view of third parties: full names, email addresses, birth dates, gender, profile photos, places lived, occupation and relationship status. This is information users may not want available to a third party.
Google’s user data is available to outside developers through public channels known as application programming interfaces, or APIs. These tools require a user’s permission to access any information, but they can be abused by app developers to gain access to sensitive personal data.
Google inside
Inside Google, a task force named Project Strobe has been formed. Its more than 100 engineers, product managers, and lawyers are tasked with conducting a companywide audit of the company’s APIs.
The silver lining in this situation may be that similar potential data breaches will not happen in the future, as the Google+ social network is destined to join other shut-down Google services, such as Wave, over the coming 10-month wind-down period.
The moral of this
But the moral of this story, yet another of its kind, is that the developers of social networks are entrusted with large amounts of their customers’ personal and sensitive data and, as such, should put more effort into protecting it.
Otherwise, out of concern for both privacy and security, many customers may decide that avoiding the nefarious actions of some potential criminals is more important than any benefit the services of the social network provide.
That decision may very well hurt the bottom line or market capitalization of any social network developer more than any potential detrimental regulatory decision or penalty.