Google Retreats on Some Allo Privacy Promises

Google released its smart messaging app called Allo, but a decision to log chats indefinitely has privacy advocates worried.

Google released its Allo messenger application today, and right along with it a measure of controversy that has critics urging potential users to stay away.

The angst stems from what seems to be a reversal on Google’s part to start logging chats in the app’s non-incognito mode by default, something the company said in May it would not do when Allo was unveiled at its I/O conference.

All messages sent through Allo are encrypted; only in incognito mode are messages are encrypted end-to-end. The concern is that since chats are now logged until the user deletes them, Google could more readily comply with law enforcement and government requests for user data because few consumers are likely to change default settings.

“That’s very concerning and raises questions about whether Google made this change at the request of law enforcement,” said Claire T. Gartland, Electronic Privacy Information Center Consumer Protection Counsel.

“From my perspective, this change signals that Google is more interested in targeted advertising profits and maintaining the company’s cozy relationship with the U.S. government than in protecting their customers’ privacy and security,” Gartland said.

Three years ago, Google published its policy for handling law enforcement requests and explained its promise to push back against or refuse to comply with overly broad requests, and require a warrant to compel it to provide user account information or search query data.

NSA whistleblower Edward Snowden was among the most vocal opponents on Twitter today, advocating that privacy-seeking individuals steer clear of Allo in favor of other secure messaging apps such as Signal. “What is #Allo? A Google app that records every message you ever send and makes it available to police upon request,” Snowden tweeted.

Google positions Allo as a smart messaging app. Allo, which is available for Android and iOS, is built with an artificial intelligence that analyzes chat content and makes recommendations to the users for replies and communicates with the user through a chat bot called Google Assistant (think Siri).

When Allo was announced in May, some experts were worried that end-to-end encryption was not on by default in both modes of the app. Google countered that end-to-end encryption would interfere with the AI running in the app’s non-incognito mode.

With its release today, Google has put the security of conversations in the user’s hands.

“We’ve given users transparency and control over their data in Google Allo. And our approach is simple — your chat history is saved for you until you choose to delete it,” a Google spokesperson said in a statement sent to Threatpost.

“You can delete single messages or entire conversations in Allo,” Google said. “We also built Incognito Mode directly into the product, giving users control if they want their messages to be end-to-end encrypted, and you can set a timer to automatically delete messages on your device, and the recipient’s, at a set time.”

End-to-end encryption has been slammed by government and law enforcement officials as a severe impediment to national security and criminal investigations. FBI director James Comey has complained the loudest about the problem, which he has called Going Dark. Experts, meanwhile, have gone to great lengths to diminish the FBI’s concerns and demonstrate the dangers associated with extraordinary access in the form of intentional backdoors.

This debate of course came to a head this spring when Apple and the FBI went head-to-head over the government’s request that Apple cooperate in unlocking an iPhone 5c belonging to dead San Bernardino terrorist Syed Farook. The FBI tried to compel Apple through the courts to build a new version of the iOS firmware that would bypass authentication restrictions on the phone. The case never played out in court because the FBI contracted with a third party to successfully crack the phone’s security and dropped its case against Apple.

Criticism of Allo at the outset even came from inside Google. Prominent researcher Thai Duong, a Google engineer and discoverer of the BEAST, CRIME and POODLE attacks, advocated for end-to-end encryption to be turned on by default and that a feature be adopted where messages would be automatically deleted once delivered. Duong said at the time that the disappearing messages feature has as much value as end-to-end encryption.

“This is why I think end-to-end encryption is not an end in itself, but rather a means to a real end which is disappearing messages,” Duong wrote on his personal blog, which was deleted shortly after the initial Allo announcement. “End-to-end encryption without disappearing messages doesn’t cover all the risks a normal user could face, but disappearing messages without end-to-end encryption is an illusion. Users need both to have privacy in a way that matters to them.”

Suggested articles

Discussion

  • Dan on

    If you're using Project Fi and Hangouts you're already putting yourself in the same risk scenario.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.