Data of 500,000 user accounts exposed: "don't be evil" Google faces privacy problems again



Author: Sasa

Google, of "don't be evil" fame, is caught up in a privacy problem. The Facebook storm has not yet passed, and now Google has been revealed to have exposed user account data.

On Monday, Alphabet, Google's parent company, announced it would shut down the consumer version of its social networking site, Google+.

The decision came mainly after the media exposed a Google+ security vulnerability. Earlier in the day, it was reported that the vulnerability had exposed users' data to outside developers.

The security vulnerability, which Google discovered and fixed in March, had gone undisclosed since 2015. Google feared that disclosing the leak could leave it in a worse situation than Facebook, inviting regulatory scrutiny and damaging the company's reputation.

Following the news, shares of Google's parent Alphabet fell 1.02% to close at $1155.92.

Knew but did not report

Earlier this year, Google set up a privacy and security review project called Project Strobe to thoroughly review third-party developers' access to Google account and Android device data, as well as the concept behind app data access.

The Google+ vulnerability that exposed user account data was discovered during this review.

Google provides user data to external developers through APIs (application programming interfaces). These tools usually require user permission before accessing any information, but they can be abused by some app developers to gain access to sensitive data.

Google's investigation found that, because of the Google+ API vulnerability, developers could collect personal data from the friends of Google+ users, even when that data was explicitly marked as private in privacy settings.

Google's announcement said that the names, email addresses, occupations, gender, age and other details of 500,000 users could have been exposed, and that about 438 applications accessed the data. But Google said it found no evidence that any developer was aware of the vulnerability or abused the API, nor that any profile data was misused.

On Monday, after the issue became public, Google said on its blog that in addition to shutting down the consumer version of Google+, it would introduce new privacy tools restricting developers' use of information ranging from email to file storage.

In a blog post, Ben Smith, Google's vice president of engineering, said Google fixed the vulnerability immediately after it discovered it in March.

Why was the flaw not disclosed to the public? Ben Smith said Google's Privacy and Data Protection Office examined the issue, looked at the types of data involved, and considered whether users could be accurately identified and notified, whether there was any evidence of abuse, and whether developers or users could take any action in response. After the assessment, Google felt there was no need to disclose the vulnerability.

However, he also acknowledged the major challenges in making Google+ a success, and given the very low usage of the consumer version, Google decided to shut it down. The shutdown will be carried out over 10 months and completed by the end of August next year.

Perhaps the more important reason for not announcing the incident is that Google would have faced regulatory and reputational problems. Sources said a memorandum prepared by Google's legal and policy staff warned that disclosing the incident could invite regulatory trouble, and compared it with Facebook's leak of user information to the data company Cambridge Analytica.

When will the privacy problems stop?

This is not the first time Google has encountered privacy issues this year. In April, several privacy and child protection groups filed documents with the Federal Trade Commission (FTC) accusing YouTube of illegally collecting data on children under the age of 13.

Just two months ago, an investigation by the Associated Press found that many Google services on Android devices and Apple phones store location data, and that even when users have turned off location recording in privacy settings, Google still secretly records their location information.

In most cases, Google asks for permission to use location information in advance. For example, applications such as Google Maps alert users that they need access to location information in order to use map navigation. Once the user agrees to location tracking, Google Maps displays the history in a "timeline" that records the user's daily activities.

Last year, Google was accused of tracking Android users by collecting the addresses of nearby cell towers, even when all location services were turned off.

The vulnerability has deepened Google's predicament. In the past few months, U.S. politicians have intensified their attacks on Google, with Republicans accusing it of bias and Democrats questioning whether the company has become too powerful.

Earlier, Google refused to send CEO Sundar Pichai to a Senate Intelligence Committee hearing on September 5. At that time, the chief executive officer of Facebook and the chief executive officer of Twitter attended the hearing.

However, at the end of September, Reuters reported that Pichai had agreed to testify before the House Judiciary Committee later this year. Republicans want to know whether Google's search algorithm is affected by human bias and to further investigate privacy issues.


Waonews is a news media from China, with hundreds of translations, rolling updates China News, hoping to get the likes of foreign netizens