The bug was introduced in a release that went live at an undisclosed date in November and was fixed a week later, Google officials said in a blog post. During the time the bug was active, developers of apps that requested permission to view profile information that a user had added to their Google+ profile received permission to view profile information about that user even when the details were set to not-public. What’s more, apps with access to users’ Google+ profile data had permission to access non-public profile data that other Google+ users shared with the consenting user.
