قالب وردپرس درنا توس
Home / SmartTech / The Google+ bug gave developers access to non-public data from 52.5 million users – TechCrunch

The Google+ bug gave developers access to non-public data from 52.5 million users – TechCrunch



Google+ was a catastrophe for the company when it was still alive, and now that it's dead, it's becoming a rocket around the neck. After a serious security flaw was discovered in October 2019, which affected nearly half a million users, the closure of the service was announced. Today, the company announced a new privacy gap that was found last month. Data from around 52.5 million users was available to apps using the Google+ API.

Because every bug seems to accelerate Google+ shutdown Google also announced today that the service will close in April 2019. All Google+ APIs will be closed within the next 90 days.

The new bug, which only ran for about six days in early November, is related to the Google+ People API. Apps that requested permission to view user profile information-such as name, email address, occupation, gender, birthday, relationship status, and age-could access this information even if that information was not considered public. [1

9659002] It gets worse, though; Apps that had access to this data also had access to profile data shared with the user by other Google+ users, but not publicly available.

Google says there is no evidence that developers ever realized this You had access to this data (the benefit of running a social network that few people use, I think) or that the data is in any way were abused. It's also stressed that these apps only had access to this data for six days. The bug was introduced, discovered and resolved within a week from 7 to 13 November this year.

The last time Google was heavily criticized for having waited far too long to publish the bug. This time, the company's experts tell me that they have decided to react quickly after the internal disclosure process, also because the company wants to show more transparency.

"We understand our ability to build reliable products Protect your data and create the trust of users," the company writes today in a blog post. "We have always taken this seriously and are continuing to invest in our privacy programs to improve internal privacy reviews, create powerful data controls, and engage with users, researchers and policymakers to gain feedback and improve our programs. We will never stop our work to protect privacy for all. "


Source link