- Google announced Monday it would slowly shut down Google+, the search giant's long-struggling social network, after finding a software bug that divulged the private data of as many as 500,000 users to hundreds of third-party applications, according to a company blog post. The company fixed the flaw in March and didn't find any evidence that developers misused users' personal information.
- The platform currently has "low usage and engagement" as 90% of sessions last under five seconds, per the blog post. Google will maintain the service for organizations that use the platform for employee communications, and the company said it would continue to develop new features for these users.
- Google discovered the security flaw last spring, but didn't disclose the finding due to fears of regulatory scrutiny and damage to its reputation, unnamed sources told The Wall Street Journal. The company said in the blog post that it's clamping down on third-party access to user data on Android smartphones and Gmail. Google won't let third-party developers receive call log and SMS permissions on Android devices, and contact interaction data will no longer be available from the Android Contacts API.
Most consumers are unlikely to notice that Google shut down Google+, with the company acknowledging that its social network has extremely low usage, as most page views are just a few seconds long and insignificant. Google+ doesn't appear in eMarketer's rankings of the top U.S. social networks by user penetration, which show Facebook, Instagram, Snapchat, Pinterest and Twitter as the leaders. While Google+ has some interesting features that connect users around the world, including the ability to create "circles" of contacts based on categories such as friends, family or colleagues, that feature may have been too complicated for users who have grown accustomed to the ease of adding contacts to a single group on Facebook or LinkedIn, per Business Insider. Consumers are inundated with a number of social platforms to choose from, and it appears that Google+ didn't provide enough unique value to attract a loyal user base.
Meanwhile, Google's delayed disclosure of a data breach will likely invite greater regulatory scrutiny of the search giant's privacy measures. Amid this year's Cambridge Analytica scandal, Facebook CEO Mark Zuckerberg in April spent two days testifying on the social network's data breach and other issues. Lawmakers and regulatory agencies may focus on a memo sent to senior Google executives that advised against disclosure of the data breach and warned of public embarrassment for the company.
It's unclear whether Google violated privacy laws requiring disclosure of a data breach, given the patchwork of regulations worldwide. Google discovered the security flaw in March, two months before the European Union's General Data Protection Regulation (GDPR) laws took effect. GDPR requires companies to notify regulators of a data breach within 72 hours. The U.S. doesn't have a similar federal law that requires companies to disclose their security flaws, leaving regulation to states such as California, who recently passed a bill protecting user privacy.
Google's CEO Sundar Pichai has managed to avoid testifying before Congress about other issues, like possible Russian interference in U.S. elections, but last month agreed in private meetings with lawmakers to appear by the end of the year. Lawmakers likely will ask the executive about filtering out conservative political opinions in search results, plans to re-enter the Chinese market with a censored search engine and the latest revelations around not disclosing this data breach until several months later, The New York Times reported last month.