Google has said it would be bringing the curtains down on its Google+ social networking site citing extremely low engagement from the user community. While that is something that can’t be debated, the other reason the service is in news is that it has been hit by a security breach of considerable scale.
What is worse still, that Google kept the breach under wraps and never bothered to inform those whose profiles might have been compromised. On a rough estimate, it is about half a million of Google+ users who have their details exposed. Among the information that the hackers have had access to include name, age, gender, relationship status, occupation along with profile photos and all.
Also, what has come to the fore is that the vulnerability has been there since 2015 though it was only in March 2018 that Google eventually plugged the loophole. However, that left the hackers too long a window to have access to the user’s data though Google claims there are no known incidents so far of the hackers actually misusing the data they had retrieved. That also is the reason that Google said prompted them to not press on the panic button just yet.
The Mountain View company can still be lauded for learning from its mistakes. The company said they are introducing a number of changes to the way the developers get to interact with user’s data and the manner the same can be put to use. For instance, the API would be changed so as to prevent the developers from getting call and SMS details on Android devices. Similarly, contact information too would be kept out of reach of the Android Contacts API.
In much the same manner, Gmail too is subjected to some changes so that apps will henceforth have restricted access to user data. As Ben Smith, Google fellow and VP of engineering said, only those apps that work to enhance email functionality like ’email clients, email backup services and productivity services’ will have access to user data. The developers of such app will also be required to conform to certain guidelines to ensure they do not engage in nefarious acts like selling such data to market research firms for targeted ads and so on.
Google has also been working to enhance user privacy as part of an internal project named Strobe. The project envisaged restricting third-party access to user data on both Gmail and Android devices.