Google Allo a Clash of Privacy and Functionality

Google Allo has an end-to-end encryption capability powered by Signal, but it’s not turned on by default because it would interfere with an artificial intelligence powering Google Assistant.

Reaction to the release of Google’s Allo messaging app has been mixed since it was unveiled Wednesday during Google’s I/O event.

Allo has two modes. The normal mode is run by an artificial intelligence that includes Google Assistant; it analyzes messages and offers suggestions based on the content, such as restaurant, movie or book recommendations.

Allo also has an incognito mode that includes end-to-end encryption and the integration of the respected Signal protocol.

End-to-end encryption, however, is not on by default in the app. It is available only in incognito mode, because the encryption would interfere with the AI and Google Assistant running in the other mode. It’s a clash and a compromise of security, privacy and functionality that’s leaving some flat.

Google engineer Thai Duong, who was involved in the project and whose resume includes discoveries such as the BEAST, CRIME and POODLE attacks, wrote on his personal blog that he wished Allo had enabled end-to-end encryption by default. He also said that he would like to see, soon, a feature that lets a user keep end-to-end encryption on all the time and have messages automatically deleted.

Since the blog was published on Wednesday, however, those passages have been deleted. It’s unknown whether Duong removed those comments voluntarily.

Duong did say that the disappearing messages feature, as he put it, has as much value as end-to-end encryption. With this feature, messages that are temporarily stored on Google’s servers while awaiting delivery are encrypted and then deleted upon delivery.

“This is why I think end-to-end encryption is not an end in itself, but rather a means to a real end which is disappearing messages,” Duong wrote. “End-to-end encryption without disappearing messages doesn’t cover all the risks a normal user could face, but disappearing messages without end-to-end encryption is an illusion. Users need both to have privacy in a way that matters to them.”

He added: “Most people focus on end-to-end encryption, but I think the best privacy feature of Allo is disappearing messaging. This is what users actually need when it comes to privacy. Snapchat is popular because they know exactly what users want.”

Duong, in his post, cited consumer surveys where users wanted privacy-preserving features such as blocking unwanted users from messaging them, and deleting messages already sent.

“In other words, their threat model doesn’t include the NSA, but their spouses, their kids, their friends, i.e., people around and near them,” Duong said. “Of course it’s very likely that users don’t care because they don’t know what the NSA has been up to.”

Allo’s incognito mode is activated with one touch, Duong said, and enables Signal’s end-to-end encryption. Both modes encrypt messages in transit or at rest using QUIC or TLS 1.2.

Normal mode, however, relies on the AI and Assistant, neither of which would run properly with end-to-end encryption turned on by default.

“Like it or not, this AI will be super useful. It’s like having a personal assistant that can run a lot of errands for you right in your pocket. Of course, to help it help you you’ll have to entrust it with your chat messages,” Duong said. “I really think that this is fine, because your chat messages are used to help you and you only, and contrary to popular beliefs Google never sells your personal information to anyone.”
