Google is almost on the way to face their own Cambridge Analytica moment as a security bug infiltrates via a third-party developer that was able to access data of the Google+ users from 2015 till March 2018, as that’s when Google found the bug. But, Google decided to stay tight-lipped on it. If you’re wondering how this happened well, it’s simple- a user gave access to a third-party app to access it’s public profile data. The app was bugged hence, it not only collected the data of the particular user but of the other Google+ connections (family, friends or colleagues) as well. Matter of fact, more than 496,951 users data like full names, email ID, birth dates, profile picture, occupation, relationship status and where they lived were at stake of being misused but, Google confirms no data has been misused by the 438 apps that had the access.
The reason behind not informing the public on this matter is cause they felt it would put them in the spotlight and perhaps if not the main focus, definitely alongside Facebook to face the Cambridge Analytica scandal. And, the once ghost app, as most of the users have not used it for years, all of a sudden became a liability for Google.
According to a Wall Street Journal, Google to make an announcement on reforming their privacy settings to tackle such bugs in the future. This announcement was made minutes after Wall Street Journal reported of the bug issue. Expectations are now third-party developers will not have access to the user’s phone SMS data, certain contact information and call logs. Gmail will also deny access to building add-ons for certain small developers. In the meantime, Google+ will close down its consumer services to wind up the issue and come back as an enterprise product.
Google will also amend their third-party permission settings so such apps will not be able to access vital consumer data in future. The user will now be able to give permission to each app manually and decide what data is accessible. Gmail will also allow only those add-ons to access if they enhance the email functions like backup and email clients, production tools, mail merge and CRM.
Standing in an awkward situation, Google now admits they knew about the bug for quite some time and are proud of their engineering team for putting in so many efforts in making Google+ the Platform it is but, they also accepted they lacked in terms of achieving broad consumer and developer adoption and the biggest issue- high drop in regular users. In fact, Google+ is now at its most low consumer usage with almost 90% Google+ users barely using their account for five seconds.
As is the bug was active since 2015 and was found in March this year before the GDPR of Europe began, possibilities are Google will be spared from paying the 2% global annual revenue fine as it failed in disclosing the issue within 72 hours of finding the bug. Yes, a class-action lawsuit and public backlash cannot be sidelined and Google will have to answer them. Perhaps the fact the G+ posts, Google account data, phone numbers, messages and G Suite were not exposed, could be helpful for Google to face the backlash.