Google is now going to be shutting down it’s Google Plus services and API much sooner than expected, following the discovery of a new bug in the system. The bug affects as many as 52.5 million users and was introduced in an unspecified API in November. Summarily, the bug allowed apps requesting permission to view a user’s full profile access to aspects of the profile that were not set to public. It also enabled access to data that hadn’t been shared publicly but had been shared to a given user by another user on the platform. No financial details, national identification numbers, passwords, or data along those lines was compromised and no third-party developers seem to have misused that information. In fact, many third-party developers appear to have remained unaware of the problem for the entirety of the six days the bug was active. As a result of the new bug, Google has moved the shutdown of Google Plus and its subsequent APIs forward to April of 2019.
Background: The new bug does not appear to be directly related to at least one problem revealed back in October. Simultaneously, it does seem to have leaked exactly the same kinds of information as the prior bug. That was initially spotted in March and went unreported for months out of fear that ongoing scrutiny faced by Facebook would spill over to Google’s own social network — in spite of having made users vulnerable since 2015. When the news eventually did break, it was revealed alongside the announcement that Google Plus would be shuttering services permanently. In addition to the matter of security-breaking bugs, Google also stated at the time that 90-percent of users only spent around five seconds on the site per session. Developers, for whatever reason, had also been largely avoiding the platform. That may actually be a positive note with regard to the latest bug since it means that most developers would not have been in a position to take advantage of the glitch.
The initial shutdown deadline for the service had been set to August of next year and a continuation of some features on an enterprise-specific basis is planned. Those plans aren’t necessarily changing in spite of the most recently spotted bug and Google says it will be putting much more emphasis on security moving forward. In the meantime, the company is currently in the process of reaching out to any customers that might have been affected. The closing of Google Plus isn’t necessarily surprising, as it’s really just one of many services the company is bringing to a close on the consumer end. Hangouts and Allo are among those but the former of those will also continue in a business-focused capacity.
Impact: With further bugs being found in new releases to the API for Google Plus, it really isn’t surprising that they’d move its shutdown forward either. More concerning is that the newer bugs appear to be almost the same as previous bugs with regard to the leaks they can and do cause for users’ private data. Google has assured users that it will be investing further in security and privacy. That’s in addition to its decision to shut down early in spite of the obvious problems that doing so will likely cause some developers. That gives the appearance that the search giant is putting consumer trust first but won’t necessarily convince every end user.