Who on earth would want to use Google’s Allo chat app?

Graham Cluley

Who on earth would want to use Google's Allo chat app?

Who on earth would want to use Google's Allo chat app?

When Google first announced it was working on a chat app called Allo, I was unimpressed.

Because unlike competitors such as WhatsApp, Signal and Apple iMessage, Google said it would not be enabling end-to-end encryption by default in Allo.

Which sucks if you care about privacy. And you should all care about privacy – just take a read of the newspapers folks, and you’ll see how law enforcement agencies and malicious hackers have been able to intercept innocent users’ communications.

Google deliberately chose not to enable Allo’s end-to-end encryption (known as “Incognito mode”) by default because it runs counter to their other business objectives. And Google knows that only a tiny proportion of the public bother to change an app’s default settings.

GoogleHey ho… at least we can feel warm and fuzzy that Google said it would not be keeping users’ chat logs – a slap in the face for law enforcement agencies who may be interested in forcing the tech giant to hand them over.

Hang on a minute, The Verge has just published a new story about Allo. Oh dear… this sounds bad.

The version of Allo rolling out today will store all non-incognito messages by default — a clear change from Google’s earlier statements that the app would only store messages transiently and in non-identifiable form. The records will now persist until the user actively deletes them, giving Google default access to a full history of conversations in the app. Users can also avoid the logging by using Allo’s Incognito Mode, which is still fully end-to-end encrypted and unchanged from the initial announcement.

Google confirmed its U-turn in a statement to BBC News:

“We’ve given users transparency and control over their data in Google Allo. Our approach is simple – your chat history is saved for you until you choose to delete it. You can delete single messages or entire conversations.”

It can spin the media all it likes, but Google can’t hide the fact that it has made another blunder if it wants to become king of the chat apps. As users become more privacy-conscious they will (hopefully) learn that there are safer options than Google Allo.

Which raises one important question:

Why would anyone on earth want to use Google’s Allo chat app for secure messaging?

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

2 Replies to “Who on earth would want to use Google’s Allo chat app?”

  1. Indeed and this is little surprise to me.

    Users concerned about their privacy should look towards Signal or Telegram.

    WhatsApp is great but they too have made some worrying encroachments into your privacy that cannot be disabled (even by 'opting-out').

    iMessage is good and nicely integrated into iOS but is dependant entirely on both/all users having Apple devices. Nor does it use an independently validated encryption algorithm.

    Telegram is good for privacy but it should be used in 'Secret Chat' mode for the highest level of security. It too hasn't been externally validated.

    Which leaves us with Signal – they implemented the encryption into WhatsApp and have their own mobile app. The encryption has been well tested but the user interface isn't the nicest.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET EMAIL UPDATES