Skip to main content

Google is shutting down Google+ for consumers following security lapse

Google is shutting down Google+ for consumers following security lapse

/

Over the next 10 months

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

Illustration by Alex Castro / The Verge

Google is going to shut down the consumer version of Google+ over the next 10 months, the company writes in a blog post today. The decision follows the revelation of a previously undisclosed security flaw that exposed users’ profile data that was remedied in March 2018.

Google says Google+ currently has “low usage and engagement” and that 90 percent of Google+ user sessions last less than five seconds. Still, the company plans to keep the service alive for enterprise customers who use it to facilitate conversation among co-workers. New features will be rolled out for that use case, the company says. Google is focusing on a “secure corporate social network,” which is odd considering this announcement comes alongside news that the company left profile details unprotected.

It’ll take 10 months to fully shut down the service

In addition to sunsetting Google+, the company announced new privacy adjustments for other Google service. API changes will limit developers’ access to data on Android devices and Gmail. Developers will no longer receive call log and SMS permissions on Android devices and contact interaction data won’t be available through the Android Contacts API. That same also API provided basic interaction data, like who you last messaged, and that permission is also being revoked.

As for the Gmail changes, the company is updating its User Data Policy for the consumer version of the email service. This will limit apps and the scope of their access to user data. Ben Smith, Google fellow and VP of engineering, writes: “Only apps directly enhancing email functionality — such as email clients, email backup services and productivity services (e.g., CRM and mail merge services) — will be authorized to access this data.”

Any developer who has this access will have to undergo security assessments and agree to new rules about data handling, like not transferring or selling user data for targeting ads, market research, email campaign tracking, or other unrelated purposes.

Google previously tried to quell privacy concerns earlier this year after The Wall Street Journal detailed how common it is for third-party app developers to be able to read and analyze users’ Gmail messages. At the time, Suzanne Frey, the director of the company’s security, trust, & privacy division of Google Cloud, emphasized that users should review what apps have access to their accounts and revoke it if necessary. Last year, Google announced that it would stop its long-standing practice of scanning the contents of individual Gmail users for advertising purposes. Of course, the company still has plenty of data it can target advertisements against, like Search history, YouTube views, and other Chrome actions.

These most recent changes are being attributed to an internal Google effort called Project Strobe, which involved a review of “third-party developer access to Google account and Android device data and of our philosophy around apps’ data access,” according to Google.