comscore
News

Google+ shut down is a step in right direction but it has little to do with security breach

The end of Google+ also paves way for tighter privacy controls as Google revises its data practice across products under Project Strobe.

Google Project Strobe main

Highlights

  • Google+ was once dubbed as Facebook competitor but it never became one

  • The end of Google+ is also start of a new era of privacy-first product design

  • Giving back controls to users is a new theme in Silicon Valley

Google made a surprise announcement this morning to shut down Google+, its social media service once dubbed as the competitor to Facebook and Twitter. The end of the road for Google+ comes after years of debate around its relevance and Google’s own efforts undermining the service by baking social messaging within its key services like YouTube.

The announcement was overshadowed by a revelation that Google+ suffered a security vulnerability that exposed the private data of up to 5,00,000 users. In fact, Google decided to conceal the information after it was discovered in March because the company did not find anyone had gained access to user information. The Privacy and Data Protection Office of Google decided that it was not legally required to report the issue. The announcement comes on the backdrop of a report which detailed how data of 50 million Facebook users were stolen using a bug inside the system.

Putting Privacy ahead of Product Design

While the major attention has been around this data breach, the real reason does not seem to have anything to do with the breach. In a blog post, Ben Smith, Google Fellow and Vice President of Engineering, wrote “While our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps.”

Google, Facebook and Twitter are in the cross hairs of increased scrutiny from US senators, who have now come to question the authority and reach of these platforms. After revelation of Russian misinformation carried out on all three platforms, US government officials have become skeptical of social media services and some have expressed concerns that they are damaging democracy in the name of greater good i.e. communication.

The reputation for Google and its key executives is probably at the lowest among these US officials, who have the power to put a break on the reach of these platforms. Last month, Facebook COO Sheryl Sandberg and Twitter CEO Jack Dorsey testified before US Congress but Google denied to send its top ranking officials. In a big jibe against Google, the US Congress decided to put an empty chair with the name card reading Google and the live camera feed frequently panned to show the empty chair. After the hearing, US Senators changed their tone from criticizing social media platforms to expressing disappointment over Google’s behavior.

Sundar Pichai’s scheduled visit to US Congress

The revelation of this data breach only adds to the wounds already suffered by the platform and adds the risk of additional scrutiny into its business practice. With CEO Sundar Pichai set to testify later this year, the company seems to putting some of those very concerns to rest.

In the same blog post, Smith announced a new internal called Project Strobe, which acts as a watchdog within the system, to review third-party access to Google account and Android device data. This review process looks at Google’s philosophy around apps’ data access and its privacy controls at large. This seems to be the first major step by Google to address concerns after third party platforms where found reading messages of Gmail users. Google has helped a lot of brands build their businesses around it but the cost should not be privacy.

Google says Project Strobe review led to discovery of a bug in one of the Google+ People APIs that allowed apps access to Profile fields that were shared with the user, but not marked as public. Google says up to 438 applications may have used this API but it has no evidence of any developer being aware of this bug or abusing the API. “We found no evidence that any Profile data was misused,” Google says.

Privacy data goes granular as data security becomes serious subject

This leads to new efforts that could pave way for tighter privacy controls as Google revises its data practice across products under Project Strobe. The first such effort to offer more granular Google Account permissions that will show in individual dialog boxes. With granular data controls, users will be able to see what data an app prompts access for and users will need to grant explicit permission. “For example, if a developer requests access to both calendar entries and Drive documents, you will be able to choose to share one but not the other,” Google explains.

Watch: A look a Pachinko Parlors of Japan

This is a major departure from existing permission mechanism where you cannot grant permission to one request and decline permission to other. Google is also limiting the type of use cases permitted when users grant apps access to their Gmail. Only apps that directly enhance email functionality will be authorized to access this data. These apps, mainly email clients and productivity services, will need to agree to new rules on handling Gmail data and will be subject to security assessments.

On Android, Google is limiting ability of apps to receive call log and SMS permissions. It will also no longer make contact interaction data available via the Android Contacts API. Only apps that are selected as default app for making calls or text messages will be able to make these requests. This is a big step as Google plans to limit apps from accessing some of the most crucial information inside Android.

As Pichai heads to the Hill, Google will be questioned around its data practice and whether it is a monopoly in businesses like search and mobile operating system. One of the questions will be whether it understands the implications of its business model. With the new privacy policy, Google is doing the right thing, fixing the broken privacy practice and giving users a transparent a look what data developers collect. If this comes at the expense of Google+ then it is definitely fine.

  • Published Date: October 9, 2018 12:41 PM IST