Google Inc. (GOOG): More Privacy, Security Concerns?

Google Inc. (NASDAQ:GOOG) – the third-most held stock among 450 hedge funds we track, with 126 funds currently holding positions – has become a tech giant thanks to its search engine and its advertising platform over the years. And part of the secret to having the successful advertising platform that generates billions or dollars of revenue has been the company’s ability to compile detailed information about users – including browsing histories and general preferences and habits online.

But a consequence of compiling all this information can be true, legitimate consequences for the company or for its users – or it could be just public perception and reputation for Google Inc. (NASDAQ:GOOG). There are a couple of items floating around that indicate that Google may still be putting user privacy and security at risk. There is the story about a review of Google Play terms and conditions that may leave it open for Google to forward personal data to app developers without user consent, and there is a group of researchers that found an exploit in Google’s two-step account verification process that makes Google user accounts susceptible to hijack.

Google Inc (GOOG)In the first instance, a Harvard professor contends that the terms and conditions of the Google Play store and Google Wallet (which processes the app purchases in the store) do not have clauses that explain that users are specifically informed that personal data will be forwarded to the app developer – which Google contends is for advertising purposes. It is reported that Google sends on user names, geographic regions and e-mail addresses to these developers, but many developers are reportedly pushing back. They reportedly are telling Google that due to privacy concerns, they are asking the company not to forward that information.

So with Google compromising privacy on one end, how is it handling security on the other end? Well …

It seems that while Google Inc. (NASDAQ:GOOG) is compromising user privacy on one end in its dealings with app developers, it apparently has a opening in its security measures that could be exploited by hackers to hijack user accounts, according to a team of researchers. The team has apparently found a way to use application-specific passwords (ASPs) to bypass Google’s two-step login verification system for accounts.

The exploit works something like this – with those applications that don’t support two-step verification, users are required to create a separate ASP for each of those applications. Turns out, the researchers found that these ASPs could be used to access any Google service or property, even in a way that works around the two-step verification.

In describing the exploit, the researchers wrote, “… (G)iven nothing but a username, an ASP, and a single request to https://android.clients.google.com/auth, we can log into any Google web property without any login prompt (or 2-step verification).”

What do you think about Google Inc. (NASDAQ:GOOG) and its issues with privacy and security? We’d like your thoughts about these issues in the comments section below.

DISCLOSURE: I own no positions in any stock mentioned.

Please see these related GOOG articles:

Google Has the Right to be Forgotten

Searching for the King of Search

Google Tries on a New Hat