Data is king in today’s software world. The insights a business gains from its data can set it up for success. However, there is a dark side to the data world, and if a business misuses, abuses or doesn’t protect the data inside its company, it can result in a loss of reputation or trust.
Google is making a number of improvements and announcements to try to ensure they never fall down the wrong data path. As part of its Project Strobe effort, an initiative to review third-party developer access to its services, the company has decided to shut down Google+ for consumers. As part of the review, the company found a bug within its Google+ People APIs that granted users access to profile data, but also gave apps access to data.
“The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations. Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+,” Ben Smith, Google fellow and vice president of engineering, wrote in a post.
Google+ for consumers will shut down over a 10-month period and is expected to complete by next August. The Google+ enterprise version will continue to operate. Google plans on launching new features for businesses.
Other results being made in response to Project Strobe include more granular Google Account permissions for fine-grained data control; a limit of the types of use cases permitted to access Gmail data; and limitations for apps to be able to receive call log and SMS permissions on Android devices.
On the developer side, Google announced strong controls and policies focused around Gmail APIs. These new updates will go into effect January 9, 2019. New policies around providing appropriate access, guidelines on how data may not be used, how to secure data, and accessing only the necessary information. Applications will be required to go through a review on January 9, 2019. If the review is not submitted by the following month, apps will be disabled.
In addition, the company recommends developers migrate to Gmail Add-ons, a solution launched earlier this year for developers to integrate their applications in Gmail. “Gmail Add-ons also offer a stronger security model for users because email data is only shared with the developer when a user takes action,” Andy Wen, group product manager for Google, wrote in a post. “We’ve continually strengthened these controls and policies over the years based on user feedback.”
Lastly, the company announced an updated to Google Play Developer policies. “Our Google Play Developer policies are designed to provide a safe and secure experience for our users while also giving developers the tools they need to succeed. For example, we have always required developers to limit permission requests to only what is needed for their app to function and to be clear with users about what data they access,” Paul Bankhead, director of product management for Google Play wrote in a post.
Starting November 1, 2018, Google Play will require any updates to existing apps to target API level 26 or higher. This is to ensure apps are built using the latest APIs and therefore provide the latest security and performance capabilities, according to the company.
In addition, the company is making changes to SMS and call log permissions. Google Play will now limit the types of applications that are able to ask for permission to access a user’s phone. “The trust of our users is critical and together we’ll continue to build a safe and secure Android ecosystem,” Bankhead wrote.