Over the past year, privacy has been a big topic in the technology space as particularly evident after Facebook’s Cambridge Analytica scandal. Google in early 2018 began a project to analyze third-party developer access in its various services and Android. An issue in Google+ was uncovered as part of Project Strobe, and the company is now taking steps to limit access to user data across all applications.
Project Strobe began earlier this year and is “a root-and-branch review of third-party developer access to Google account and Android device data and of our philosophy around apps’ data access.”
Google today announced four findings with steps to resolve each:
Shutting down Google+
Finding 1: There are significant challenges in creating and maintaining a successful Google+ product that meets consumers’ expectations.
Action 1: We are shutting down Google+ for consumers.
At issue is a bug in the Google+ People APIs that allowed third-party applications access to user data not shared to them. However, Google did not discover any evidence that developers outside of Google were aware of the problem, or that any Profile data was misused.
In the process, the company today acknowledged that Google+ has entirely failed as a social network, noting how “it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps.
The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.
Granting individual permissions
Finding 2: People want fine-grained controls over the data they share with apps.
Action 2: We are launching more granular Google Account permissions that will show in individual dialog boxes.
Meanwhile, Google is continuing recent efforts to give consumers better control over their data. When a third-party app requests access to data, each permission will be presented one-at-a-time, with users able to deny access to individual requests.
For example, if a developer requests access to both calendar entries and Drive documents, you will be able to choose to share one but not the other.
Limiting third-party Gmail access
Finding 3: When users grant apps access to their Gmail, they do so with certain use cases in mind.
Action 3: We are limiting the types of use cases that are permitted.
Google is limiting what kinds of apps can access Gmail data to services that are “directly enhancing email functionality.” This includes email clients, email backup services, and productivity services.
Android permission changes
Finding 4: When users grant SMS, Contacts and Phone permissions to Android apps, they do so with certain use cases in mind.
Action 4: We are limiting apps’ ability to receive Call Log and SMS permissions on Android devices, and are no longer making contact interaction data available via the Android Contacts API.
In the coming months, Project Strobe will “roll out additional controls and updating policies across more of our APIs.” Google will also work with developers to implement changes and give them time to update applications.