Project Strobe and Google Minus
After 7 years of effort Google has concluded enough is enough for Google+. The tech giant has admitted to failing its entrance into the social media marketplace. As both a business decision and safety concern they’ve decided to take Google+ off the web and focus on other things.
Security has been on everyone’s minds this year as privacy scandal after privacy scandal surfaces. Facebook’s Cambridge Analytics scandal made us hyper aware of how much data is exposed to third-parties. In an attempt to combat privacy issues Google launched Project Strobe. It’s a root-and-branch review of third-party developer access to Google accounts and Android devices. Essentially it’s a research project to check up on how secure everyone’s information really is.
The findings: not the best. Today Google announced four key findings from the project along with steps to remedy each.
1. There are significant challenges in creating and maintaining a successful Google+ product that meets consumer’s expectations.
Google+ has a pretty serious bug in it that exposed user data to third-party applications that didn’t have proper access. Google says that there is no evidence anyone else found this out before they did (hard to be sure). But combining this with the lack of adoption among users and the end result has been to remove Google+ entirely. I don’t think anyone is too upset at this move, and it’s probably for the best Google diverts its time towards new innovations.
2. People want fine-grained controls over the data they share with apps
When you download a new app, if you want it to do certain things it may need your permission. Whether that’s using your camera to take a picture or seeing your contacts so that it can share a picture with others, apps can’t do these things until you let them. This is a big plus for Android security, but unfortunately sometimes it’s not organized well enough.
There are some permissions that are grouped together when presented to a user, and this can potentially be a problem. If you want an app to do one thing you shouldn’t have to grant it access to 3 permission, yet this is sometimes how things are organized. Google has announced they’ll be launching more granular account permissions that will show individual dialog boxes for each. Maybe a little more frustrating for relaxed users, but definitely a win for security.
3. When users grant apps access to their Gmail, they do so with certain user cases in mind
To correct the security issue of third-parties abusing contact information Google is limiting what kinds of apps are allowed to access Gmail data. The only apps allowed will be those that are “directly enhancing email functionality”. Basically, if there’s not real reason for your app to need to write an email, it’s banned.
4. When users grant SMS, Contacts and Phone permissions to Android apps they do so with certain use cases in mind.
3 and 4 are pretty similar to one another, but this other finding takes things past email and into the phone/contacts. Google is limiting how many apps will be allowed to access this information. In addition to this Contact interaction data will no longer be available vie the Android Contacts API.
The bottom line is that Google did a security sweep and found a few things needed to change. It seems that these updates are proactive which is always a good things, but if you’re one of the world’s Google+ user’s then I’m sorry you have to say goodbye. For everyone else these changes should be nothing but good as security continues to improve.
What are your thoughts on Project Strobe? Let us know in the comments below!