The presence of Google+ is definitely growing as it continues to become a significant part of how we interact with many of Google's services. Early this year, the social network branched out to become a sign-in solution for virtually any kind of app or website. With an announcement yesterday, Google+ is now set up to accept sign-ins from Google Apps users and accounts without an actual Google+ profile. If that weren't good enough, the permission system has been greatly improved to support "incremental auth," which allows apps and websites to request only vital permissions to begin using them, and then ask for new permissions once the user is logged in.
The incremental auth feature is particularly great because it reduces the number of permissions a user has to hand over before getting started with an app. This means you might be initially asked for as little as an email address or basic profile information, but once inside, the app can prompt you for greater access when it's needed. If used correctly, this should help to give users more context about how a permission would be used, like a music service asking to check your YouTube history to determine what you listen to.
Of course, developers will have to choose to implement incremental auth, so we may be waiting a while for it to become common place. However, It's likely users will learn to be wary of apps that ask for too much up front, which should help to motivate lazy or opportunistic developers to adjust. Additionally, competitors like Facebook will probably feel some pressure to offer similar capabilities to reduce up-front requirements and generally appease privacy concerns. Now if we could just add this to the Android permission system...<hint> <hint>
In a move that should also make some users happy, Google+ Sign-in can now accept almost any Google account. Those with Google Apps accounts or anybody who has resisted creating a Google+ profile are now able to use those accounts to access apps and sites through the standard sign-in mechanism. Naturally, if there is no attached Google+ profile or if it's a Google Apps for Business account with disabled social features, a number of apps and sites will probably still turn you away. Regardless, this can be useful for anything that simply needs the login token and basic info.
To ease the adoption of Google+ Sign-in, the developer portal includes simple migration instructions to help transition from OpenID v2 or OAuth 2.0. With the latest update, Google+ can also be configured to enable compliance with the OpenID Connect protocol, which allows users without a Google account to sign in with other compatible providers.
This announcement brings a more flexible set of sign-in options for Google+ and should lead to a more trustworthy experience for anybody concerned with privacy. Overall, it sounds like pretty good news for everybody.
Thanks, David Jones!
Source: Google+ Developers Blog