The company explained that it's doing this because of a discovery that 52.5 million users were impacted by a software update in November that contained a bug affecting Google+ API.
The bug appears to be connected to a certain Google+ API that let apps view information that users added to their profile, even if the user had set this data as private.
This included their name, email address, occupation, age, and more, but not financial data, passwords, or national identification numbers.
While Google discovered and addressed the bug within a week, and promises no third party compromised its systems, it has decided to hasten the closure of the consumer version of Google+ and all Google+ APIs. Ahead of the April 2019 sunsetting of the platform, the network's APIs will be shut down within 90 days from today.
Google explained what it knows about the bug:
- We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.Google says that ahead of the closure of the consumer Google+, in the coming months it will provide users with additional information on how to safely and securely download and migrate their data off of the platform. In the end, Google also reiterated on its original reasoning behind the sunsetting of Google+, which is because of "the significant challenges involved in maintaining a successful product that meets consumers’ expectations, as well as the platform’s low usage."
- With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age (full list here)—were granted permission to view profile information about that user even when set to not-public.
- In addition, apps with access to a user's Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.
- The bug did not give developers access to information such as financial data, national identification numbers, passwords, or similar data typically used for fraud or identity theft.
- No third party compromised our systems, and we have no evidence that the developers who inadvertently had this access for six days were aware of it or misused it in any way.
The pushed up end date for Google+ comes just under a week after the company announced the closure of Google Allo, which will see many of its features migrated to the main Google Messages app on Android.