In a surprising turn of events, a prediction made in 2015 by nexus-security founder Larry Kim has come to pass: Google is shutting down its struggling social media platform, Google Plus. Despite the official announcement, a data breach in March seems to have been the final nail in the coffin. Google Plus was like that awkward family member who committed a social faux pas – it wasn’t particularly popular, and this latest incident gave Google the perfect excuse to cut ties.
Let’s delve into the details of the data breach and the wider implications of Google’s announcement.
A Look Back at Google Plus
Google Plus was the tech giant’s fourth attempt at creating a successful social network, following in the footsteps of Google Buzz, Google Friend Connect, and Orkut. Initially, the platform’s user base showed promise, reaching 395 million active accounts as of 2016. However, by 2016, a staggering 91% of those accounts were inactive. Today, a mere 10% of Google Plus user sessions extend beyond five seconds. This raises the question: why such a large gap between the number of accounts and actual usage?
For many years, Google Plus was intertwined with apps like Photos, Hangouts, and YouTube. Having a Google Plus account was mandatory for using and interacting with these apps. Consequently, most Google Plus users were only present on the platform to access these other services. Unlike Facebook, which legitimately saw Google Plus as a threat in its early stages, people weren’t creating Google Plus accounts to actively engage with the platform. To illustrate, having a Facebook account simplifies logging into Spotify and numerous other services, but that’s not the primary reason people use Facebook.
The gradual separation of products and services like Gmail, Photos, Streams, and YouTube from the Google Plus umbrella ultimately rendered the platform a ghost town. However, much like an embarrassing family secret, Google held onto Google Plus longer than necessary, reluctant to admit defeat.
Then the data breach occurred.
The Reason Behind Google Plus’s Sunset
This particular data breach wasn’t as massive as the Cambridge Analytica scandal, which compromised the private data of over 50 million Facebook users, but it was still significant. Earlier this year, Google initiated Project Strobe, a data regulation initiative. Interestingly, according to the announcement, Project Strobe was launched independently before the data breach came to light. This means the breach was something they actively sought out, not something they stumbled upon accidentally.
Project Strobe aimed to examine third-party developer access across Google’s extensive network of apps and services. The underlying principle was that the more intricate this ecosystem becomes, the more challenging it is for Google to manage data privacy and security. Here’s what they uncovered regarding Google Plus (taken directly from the blog post):
- “Users can grant access to their Profile data, and the public Profile information of their friends, to Google+ apps, via the API.”
- “The bug meant that apps also had access to Profile fields that were shared with the user, but not marked as public.”
- “This data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age. It does not include any other data you may have posted or connected to Google+ or any other service, like Google+ posts, messages, Google account data, phone numbers or G Suite content.”
- “We discovered and immediately patched this bug in March 2018. We believe it occurred after launch as a result of the API’s interaction with a subsequent Google+ code change.”
- “We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks. That means we cannot confirm which users were impacted by this bug. However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API.”
- “We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.”
In essence, Google identified a flaw in its system that potentially allowed third-party apps to access certain private data of up to 500,000 users. The flaw was promptly rectified. Because the API’s log data is kept for only two weeks, Google can put an upper bound on the number of people whose information could have been compromised, but it doesn’t know the exact figure, and there’s minimal evidence to suggest any malicious activity occurred.
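The class of flaw described in the quoted points can be modelled in a few lines. This is an added example, not Google's code: the field model, the function names and the sample profile are all assumptions, constructed to contrast "what the granting user can see" with "what is marked public" as the release test for a friend's data.

```python
from dataclasses import dataclass

PUBLIC, SHARED, PRIVATE = "public", "shared", "private"

@dataclass(frozen=True)
class Field:
    value: str
    visibility: str                      # PUBLIC, SHARED or PRIVATE
    shared_with: frozenset = frozenset() # user ids, only used when SHARED

def user_can_see(f: Field, viewer: str) -> bool:
    """What the granting user sees when browsing the friend's profile."""
    return f.visibility == PUBLIC or (
        f.visibility == SHARED and viewer in f.shared_with)

def app_view_flawed(profile: dict, granting_user: str) -> dict:
    # Flaw modelled here (an assumption about the mechanism): the app
    # inherits the granting user's own view of the friend's profile.
    return {k: f.value for k, f in profile.items()
            if user_can_see(f, granting_user)}

def app_view_intended(profile: dict, granting_user: str) -> dict:
    # Stated policy: a friend's field reaches the app only if marked public.
    # granting_user is deliberately ignored for friends' data.
    return {k: f.value for k, f in profile.items()
            if f.visibility == PUBLIC}

def overexposed_fields(profile: dict, granting_user: str) -> list:
    """Regression check: fields released beyond the intended policy."""
    flawed = app_view_flawed(profile, granting_user)
    intended = app_view_intended(profile, granting_user)
    return sorted(set(flawed) - set(intended))

# Constructed sample profile of a friend ("bob"); values are made up.
FRIEND_PROFILE = {
    "name": Field("Bob Example", PUBLIC),
    "email": Field("bob@example.test", SHARED, frozenset({"alice"})),
    "occupation": Field("Engineer", SHARED, frozenset({"alice"})),
    "age": Field("41", PRIVATE),
}

if __name__ == "__main__":
    # "alice" has granted an app access to her friends' public profile data.
    print("leaked beyond policy:", overexposed_fields(FRIEND_PROFILE, "alice"))
    print("intended app view:", app_view_intended(FRIEND_PROFILE, "alice"))
```

A check like `overexposed_fields` belongs in the API's regression suite, since the quoted announcement attributes the bug to a later code change interacting with the API rather than to the original design.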
The term “data breach” is quite alarming these days, but in this instance, the impact appears to have been minimal. However, the decision has been made: Google Plus is no more.
Project Strobe’s Additional Discoveries
It’s worth repeating: Project Strobe yielded four key findings, with “shut down Google Plus” being just one. The other three, in no particular order, are:
Enhanced User Control Over Data Sharing with Apps
Google’s response is to provide users with more granular control over the data they share with third-party applications. Previously, if an app requested access to, for instance, your Calendar and Drive, Google would only ask if you agreed to share both. Now, it will request permission for each data set individually.
Alignment of Gmail Access with User Intent
Google is updating its User Data Policy for the consumer Gmail API. Moving forward, when you authorize third-party access to your Gmail account, only apps directly enhancing email functionality will be permitted to access your data. These apps must also adhere to Google’s updated security standards and undergo periodic security assessments.
Restricting SMS, Contacts, and Phone Permissions on Android
Similar to the Gmail changes, but for Android devices, only apps you’ve designated as your default for calls and texts will be able to access your data (with your consent, of course).
Overall, Google is bolstering security and transparency (two major focal points this year) by tightening its grip on third-party data access.
Final Thoughts on Project Strobe
Google still believes that Google Plus has been beneficial for businesses. They argue that companies who’ve used it successfully have treated it as a secure, internal network for employee discussions and other work-related interactions. If you fall into this category, don’t fret – Google is implementing a 10-month “wind-down” period to allow for safe data migration. In the coming days, they’ll also release information about upcoming features intended to ease the transition away from this long-anticipated demise.


