In the WSJ report, this glitch let outside developers access the data between the year 2015 and March of 2018. Google has since fixed the glitch, and came to the conclusion that nothing malicious was done with the data. Google+ was Google’s response to Facebook. However, the social media service never gained much of a following, or competitively challenged the top social networking player.
The WJS reporters wrote in the article that they had reviewed a memo which was prepared by Google’s policy experts and lawyers. The memo revealed warnings that disclosing the glitch would “damage reputation” and cause “immediate regulatory interest.”
They were also saying it would trigger something comparable to Facebook’s scandal involving Cambridge Analytica. CEO of Google, Sundar Pichai was briefed on this plan after the decision was made to not inform the public, states the WJS’s sources, which were described as being people briefed on the incident.
This type of security lapse is exactly the kind of news Google didn’t need right now. Because its leaders decided to not disclose, it likely only to make the situation worse.
Lawmakers in the US have been concerned that big tech companies have become under scrutiny for various reasons in recent years. A question being asked in the nation’s capital is what Google, Twitter, Facebook, and others are doing with their users’ private data.
Additionally, there has been strong criticism of Google in recent weeks about making a search engine that is able to censor information, as part of possibly giving entry into China. President Trump had also accused Google of “rigging search results to make his administration look bad, and silencing voices of the political right.”
In the blog post Google made, although it didn’t speak directly of WSJ’s story, it said efforts were being undertaken, named Project Strobe, which will review “third-party developer access to Google account and Android device data.”
Google did acknowledge that during part of the Project Strobe audit, “we discovered a bug in one of the Google+ People APIs.” It has been confirmed by Google that this bug enabled third parties with access to user data. However, the company stated that the accessible data consisted of email address, user’s name, occupation, age, and gender.
“We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any profile data was misused,” Google mentioned in the blog post.
Google gave the reason why they disclose the security lapse, saying it decided the situation didn’t rise to such levels.
“Our Privacy & Data Protection Office reviewed this issue,” Google said in the blog, “looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response. None of these thresholds were met in this instance.”
Kyle James Lee – The AEGIS Alliance – This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.