Earlier this year, Google unveiled a new instant messaging platform called Allo. While the app certainly features a beautiful UI and has several exciting new features, many security experts are concerned. This morning, Edward Snowden tweeted a warning to his followers strongly urging that no one download the app (which he referenced as “Google Surveillance.”)
For those that are just hearing of Allo for the first time – the platform was originally previewed during the Google I/O in May of this year. Considering that Google has long been a data-hungry corporation, the idea of the messaging app instantly raised several concerns.
In order to put the public at ease (and potentially even win over some privacy cautious customers), Google promised to implement end-to-end encryption and to delete all messages from their servers immediately after delivering them.
The long awaited app was finally released on Wednesday, but unfortunately without any of the promised security implementations.
Allo takes a huge step back from the product that was originally promised by Google. In fact, the app is completely unrecognizable from the demo – at least when it comes to privacy. Not only does Allo lack end-to-end encryption, but according to the app’s Terms of Service, Google will store all of their users’ messages on their servers, indefinitely.
The tech giant claims that the reason for this change can be attributed to their desire to make Allo smart. Google says that the only reason that they want your data is to provide you with better and more useful contextual suggestions within the app. While making Allo smart will definitely require user data, security experts are concerned that Google may be leaving out some of the story.
While that might seem like a bold claim, his statement is completely true for most countries. Depending on where you live, it’s very likely that your chats can be used as electronic evidence against you in the court of law. According to the Terms of Service, law enforcement agencies will have direct access to chat logs, as long as they submit a formal request and produce a warrant.
Despite the incredible disregard for privacy out of the box, Google is providing Allo users with a few options under the hood. Turning on incognito mode within the app will enable discreet notifications, and end-to-end encryption.
Those using incognito will also be able to set an expiry time for all of their messages – meaning that once the time is up, the messages will be deleted from both parties’ phones, and Google’s servers. All users also have the option to delete any message manually, with an extra step or two.
While that might seem like a good workaround for some people, there are a few problems with Google’s implementation of these features. For starters, Google considers privacy to be something that their users need to opt-in to, rather that offering encryption right out of the box.
Secondly, incognito mode breaks a number of Allo’s most interesting features. Since the app comes with a built-in assistant, it requires data to provide contextual suggestions and improve itself over time. With incognito mode, the assistant doesn’t get any smarter, which completely defeats the purpose of the app altogether.
As far as more secure alternatives go, Snowden recommends Signal.