Google will close most of its failing social media platform Google+ and implement several new privacy measures after discovering that hundreds of thousands of users potentially had their personal data exposed because of a previously undisclosed software bug, the company announced Monday.
The Wall Street Journal, reported that they have reviewed a memo prepared by Google's legal and policy staff, which indicated that disclosing the data breach could lead to scrutiny by government regulatory agencies.
According to the company, profile information like name, email address and age from some users was available to apps, even if users had not marked it public.
Google said it was unable to confirm which accounts were affected by the bug, but an analysis indicated it could have been as many as 500,000 Google+ accounts.
App access to user Gmail data will be limited to fewer use cases, Smith said. The search giant states that it wasn't able to maintain "a successful Google+ product that meets consumers' expectations". The service will wind down over the next 10 months, with the goal of finishing the shutdown by the end of August 2019.
In weighing whether to disclose the incident, the company considered "whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response", he said. Google believes that nothing nefarious was done with the information, however, and claims to have already fixed the problem.
Google today also revealed some more steps that it's taking to help protect user data.
Google launched Google+ in 2011 with an emphasis on privacy, and included fine-grained tools to let users decide what content to share with which of their contacts.
Google says that going forward, rather than bundling permissions together for a single approval, each and every permission requested by an app will be shown one at a time, within its own dialog box. "When an app prompts you for access to your Google account data, we always require that you see what data it has asked for, and you must grant it explicit permission", he said.
Google said it found the bug as part of an internal review called Project Strobe, an audit started earlier this year that examines access to user data from Google accounts by third-party software developers. "Over the coming months, we will provide consumers with additional information, including ways they can download and migrate their data".