Who on earth would want to use Google's Allo chat app?

‘Allo ‘allo. Logging all conversations by default? That sounds bad.

Who on earth would want to use Google's Allo chat app?

When Google first announced it was working on a chat app called Allo, I was unimpressed.

Because unlike competitors such as WhatsApp, Signal and Apple iMessage, Google said it would not be enabling end-to-end encryption by default in Allo.

Which sucks if you care about privacy. And you should all care about privacy - just take a read of the newspapers folks, and you'll see how law enforcement agencies and malicious hackers have been able to intercept innocent users' communications.

Google deliberately chose not to enable Allo's end-to-end encryption (known as "Incognito mode") by default because it runs counter to their other business objectives. And Google knows that only a tiny proportion of the public bother to change an app's default settings.

GoogleHey ho... at least we can feel warm and fuzzy that Google said it would not be keeping users' chat logs - a slap in the face for law enforcement agencies who may be interested in forcing the tech giant to hand them over.

Hang on a minute, The Verge has just published a new story about Allo. Oh dear... this sounds bad.

The version of Allo rolling out today will store all non-incognito messages by default — a clear change from Google’s earlier statements that the app would only store messages transiently and in non-identifiable form. The records will now persist until the user actively deletes them, giving Google default access to a full history of conversations in the app. Users can also avoid the logging by using Allo's Incognito Mode, which is still fully end-to-end encrypted and unchanged from the initial announcement.

Google confirmed its U-turn in a statement to BBC News:

"We've given users transparency and control over their data in Google Allo. Our approach is simple - your chat history is saved for you until you choose to delete it. You can delete single messages or entire conversations."

It can spin the media all it likes, but Google can't hide the fact that it has made another blunder if it wants to become king of the chat apps. As users become more privacy-conscious they will (hopefully) learn that there are safer options than Google Allo.

Which raises one important question:

Why would anyone on earth want to use Google's Allo chat app for secure messaging?

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , ,

2 Responses

  1. Bob

    September 22, 2016 at 12:19 am #

    Indeed and this is little surprise to me.

    Users concerned about their privacy should look towards Signal or Telegram.

    WhatsApp is great but they too have made some worrying encroachments into your privacy that cannot be disabled (even by 'opting-out').

    iMessage is good and nicely integrated into iOS but is dependant entirely on both/all users having Apple devices. Nor does it use an independently validated encryption algorithm.

    Telegram is good for privacy but it should be used in 'Secret Chat' mode for the highest level of security. It too hasn't been externally validated.

    Which leaves us with Signal – they implemented the encryption into WhatsApp and have their own mobile app. The encryption has been well tested but the user interface isn't the nicest.

  2. Simon

    September 22, 2016 at 11:36 am #

    Just boycott it.

    It's likely to be put to pasture like some of other Google's products.

Leave a Reply