In short: Google reportedly feared admitting the existence of a security flaw affecting its Google+ social media service due to the backlash the company would likely encounter both from consumers and regulatory bodies. The news on this comes from a new WSJ report which credits “people briefed” on the matter, as well as “documents reviewed” by the news outlet.
Background: The report highlighted a security vulnerability which could have potentially impacted on hundreds of thousands of Google+ users where user data would be visible to developers including personal information such as full names, birth dates, gender, occupation, email addresses, and even a user’s relationship status. While some of these aspects are commonly shared by users on social media sites including Google+, the suggestion is this information would have been visible regardless of whether it was shared or private. Besides revealing the additional details of the actual vulnerability, the reports picks up on how Google actively, and collectively, decided it better to not inform users or the wider public. With the suggestion one of the the reported reasons behind holding the information back was due to the how the company feared the backlash it would cause. Not only from users of the service but also regulatory bodies, especially considering Facebook at the exact same time was facing heavy criticism from the fallout of its own Cambridge Analytica user data scandal. With the report also confirming the decision to not inform the public was known throughout the company’s hierarchy, up to and including Sundar Pichai, Google’s Chief Executive Officer.
Impact: There are levels involved here. Firstly, this report came down the wire minutes before Google released its own statement confirming the issue, and stating that although as many as 500,000 users could have been affected, its own investigation suggested there was no evidence of any user impact. However, as an extension of the issue, and the realization of the continued effort needed to ensure the protection of a service like Google+, the company also took the same opportunity to announce it was closing Google+ permanently. Confirming the most obvious and major impact that is likely to be felt by end users from this issue. Then there’s also the issue surrounding the reportedly active choice made by Google to not inform the public. This in itself is likely to raise concerns on when and how companies like Google can and should disclose information that although may not have affected any users, could have affected users. Especially at a time when other tech firms are routinely coming under such heavy fire for disclosing similar issues. The act itself of holding back the information until Google was ready to at the same time announce the closure of the service will likely be viewed by many as a choice which placed the company’s well-being over that of its users.