Google is finally shutting down Google+ for good following security breach

Isaac Cain

October 8, 2018

Google+ has always been the butt of many jokes as a failed social network that refuses to die, but according to a new report from The Wall Street Journal and then an official response from Google itself, it looks like it's been home to a serious security vulnerability for three years that Google chose to not disclose to the public. And an internal memo noted that while there wasn't any evidence of misuse on behalf of developers, there wasn't a way to know for sure whether any misuse took place.

According to the Google+ Profile API documentation, profile fields can store a treasure trove of sensitive user details such as such as name, email address, occupation, gender, age, nickname, birthday, just to name a few. Google was hammered again a month later, when the Associated Press revealed the company was tracking users' locations even after they'd turned off their phones' location history setting. In a prepared statement, the firm said its review confirmed what it was already aware of - Google+ failed to capture a significant number of users and developers, so it consequently isn't worth keeping afloat.

'Given these challenges and the very low usage of the consumer version of Google+, we made a decision to sunset the consumer version of Google+'.

The search giant states that it wasn't able to maintain "a successful Google+ product that meets consumers' expectations". This bug could allow a user's installed apps to utilize the API and access non-public information belonging to that user's friends.

But the company did not disclose the vulnerability when it fixed it in March because the company didn't want to invite regulatory scrutiny from lawmakers, according to a report Monday by the Wall Street Journal.

Google chose not to disclose the flaw this past spring out of concern it would trigger regulatory backlash, especially in the wake of criticism against Facebook Inc. for its privacy issues, the newspaper reported.

In addition to the sunsetting of Google+, Project Strobe brings in new, more granular controls over the data Android and Gmail users share with apps.

More news: Kim, Pompeo agree to 2nd US-North Korea summit 'at earliest date'

A software bug in Google+ meant that the personal information of "hundreds of thousands" of users was exposed.

Google also announced new API changes in an effort to restrict developers' access to data on Android devices and Gmail.

Google admitted in the blog post disclosing the bug that usage of Google+ has dropped off in recent years.

The enterprise version of Google+ is to continue.

The news comes as Silicon Valley companies have been increasingly scrutinized for their data collection practices.

It plans to shutdown Google+ for consumers over the course of the next 10 months, with the platform officially retiring in August 2019.