Today Google releases the Allo app — a new messaging app that was expected to provide a few cool features as well as privacy for its users. But the company made some changes, and as a result the new app is really not what we expected.
When Google announced Allo for iOS and Android earlier this year, the app promised a clean interface, cool features including signing up with your phone number, and the built-in Google Assistant. On the one hand, this feature lets you chat with the Google bot and ask it all sorts of questions. On the other hand, it learns how you chat and then offers you quick responses — or as they call them, “smart replies.”
This smart replies feature is controversial: If anyone gains access to your Google account (or your phone with Allo installed), they can use smart replies to imitate your conversation style. In other words, smart replies make stealing your identity much, much easier.
We can also blame smart replies for the lack of privacy in Allo.
Here’s the thing: Google’s team initially stated that all conversations of Allo users would be encrypted so that nobody could read them. Moreover, conversation logs were to be stored on Google’s servers only transiently, and Google promised not to assign identities to the logs.
But the developers changed their minds. Now Allo will store all non-incognito messages until users manually delete them. Messages are encrypted between the device and Google servers, yes. But they are stored, so Google has access to all chats in the app. It uses the chat logs specifically to make smart replies more accurate, relevant, and whatever else the company wants smart replies to be.
Google engineers decided that improving auto responses was worth making all messages accessible to law enforcement. https://t.co/QnmM4y8PwP pic.twitter.com/Tdfapt0oGV
— Christopher Soghoian (@csoghoian) September 21, 2016
There is a way to keep your conversation private: Create incognito chats, which are meant to be fully end-to-end encrypted (which means Google can’t read them) — and it seems they work. Of course, in incognito mode you won’t have smart assistant features.
The new Allo reality is not user-friendly, and in fact, it doesn’t seem like fair play. If you feel as betrayed as I do, there are two things that you can do.
- Use one of these nine messaging apps that value users’ privacy and security.
- Use Allo’s incognito mode.
Quick #poll with the rollout of #GoogleAllo a question for you – Will you use #Allo? #infosec
— Kaspersky Lab (@kaspersky) September 21, 2016