A critical bug found in the Google+ API has led to its complete closure. The attempt at a Facebook competitor has struggled over the years to maintain an active user base, with reports of an average user session lasting only 5 seconds. In a press release, Google developers announce the following information surrounding the API bug and the resulting closure of the service:
“Google cannot confirm which users were impacted by this bug. However, we ran a detailed analysis over the two weeks prior to patching the bug, and from that analysis, the Profiles of up to 500,000 Google+ accounts were potentially affected. Our analysis showed that up to 438 applications may have used this API.
Our review showed that our Google+ APIs, and the associated controls for consumers, are challenging to develop and maintain. Underlining this, as part of our Project Strobe audit, we discovered a bug in one of the Google+ People APIs:
- Users can grant access to their Profile data, and the public Profile information of their friends, to Google+ apps, via the API.
- The bug meant that apps also had access to Profile fields that were shared with the user, but not marked as public.
- This data is limited to static, optional Google+ Profile fields including name, email address, occupation, gender and age. (See the full list on our developer site.) It does not include any other data you may have posted or connected to Google+ or any other service, like Google+ posts, messages, Google account data, phone numbers or G Suite content.
- We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.”
The news falls as many of the global technology giant make moves to improve the security of their services and to passify the Ueropean Union’s GDPR requirements. These tech giants include Microsft, who have announced changes to the Office 365 security and support.