Magid: Google’s new products and disturbing privacy breach

Magid: Google’s new products and disturbing privacy breach

It was a mixed week for Google which, on the positive side, announced some cool new products, including a new Pixel 3 that I’m currently testing. More on that in an upcoming column, but so far, so good. Among other things, it finally supports wireless charging and now has a wide-angle front-facing camera to get more people into group selfies. The 6.3-inch OLED screen on the Pixel 3 XL model that I have looks just as good as the iPhone XS, which is saying a lot.

Google also announced its new Google Home Hub, which is like the Google Home smart speaker except it has a screen to display recipes, maps, YouTube video and more. From what I can tell, it’s very much like the Lenovo Smart Display that I wrote about in July.

One difference between the new Google Hub and the Lenovo version as well as smart displays from Facebook and Amazon is that the Google Hub doesn’t have a camera. I have the Lenovo Smart Display, which — like Facebook’s new Portal and Amazon’s Echo Show, can be used for video calls.

That’s great, but I wouldn’t consider putting any of these camera-equipped devices in a bedroom, bathroom or other place where visual privacy is essential. Google, which gets a lot of flack when it comes to privacy, was at least being sensitive to this issue.

And speaking of privacy, the bad part of Google’s week was the revelation that a software glitch in its ill-fated Google+ social network could have made profile information on hundreds of thousands of users available to developers without the users’ permission. Some developers can get access to user information with what is called an Application Program Interface or API.

These APIs can make life more convenient for both consumers and developers by doing things like letting a consumer use a Google account to log into a third party app or letting an app access a user’s Gmail data as a way to enhance the Gmail experience.

But information provided by APIs can also be used to market to people, even though that is against Google’s rules. The worst thing about the revelation was that Google didn’t disclose the breach after the company became aware of it and fixed it.

In a blog post, Google said it “found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.”  The company also said that it keeps “API’s log data for only two weeks. That means we cannot confirm which users were impacted by this bug.”

The good news about the bug is that it prompted Google to make some changes, beginning with shuttering the consumer version of Google+. Chances are you’re not too upset about this revelation.

I am one of many people with a Google+ account that hasn’t been used in years. Like others, I signed up when they announced the social network but quickly dropped off as I started to realize that — unlike Facebook — most of the people I wanted to socialize with weren’t using it.

Frankly, I had almost forgotten Google+ even existed until I read about its upcoming demise. Google will maintain an enterprise version of Google+ that companies use for internal communications.

Bottom line — the challenges of making Google+ secure were bigger than the advantages to keeping Google+ alive, or as Google put it, “The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers’ expectations. Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+.”

Although Google+ may not have set the world on fire, Google has other services, such as Gmail, Calendar, Maps and Android that are very popular. The company is making changes across its products to rein in developers. For one thing, Google is “launching more granular Google Account permissions that will show in individual dialog boxes.”

This will give people more “fine-grained control” over the data they share with their apps. If an app wants to access your Google account, you’ll get to decide not only whether it has access but what information it can get such as calendar access or the files in your Google Drive account. It’s no longer an all or nothing type of permission.

Google is also putting limits on the types of apps that can interact with Gmail to “Only apps directly enhancing email functionality—such as email clients, email backup services and productivity services.”

Developers will have to agree to a new set of rules and be subject to a security review. Google is also tightening up restrictions on Android apps, including limiting their ability to access phone data such as contacts.

Google’s move follows similar ones by Facebook, which has also tightened up access by third-party developers in the wake of the Cambridge Analytica scandal when a researcher/developer was able to get information on users that was allegedly used to aid the 2016 Trump presidential campaign.

Apps, whether they work with Gmail, Facebook, Android, iOS or any other service or device can greatly enhance functionality, but they add risk because instead of just having to worry about the privacy and security practices of big companies such as Apple, Google and Facebook, you’re now vulnerable to either deliberate or accidental breaches by tens of thousands of developers that may be able to access your data.

Disclosure: Larry Magid is CEO of, a non-profit internet safety organization that receives financial support from both Google and Facebook. 

Let’s block ads! (Why?)

Published at Wed, 10 Oct 2018 17:00:18 +0000