Google's Allo fails to use end-to-end encryption by default

Sorry, if you want more privacy you’ll have to flick a switch.

Allo

How disappointing.

Google has announced that later this year it will be releasing a new messaging app called Allo.

You can think of it as a competitor to WhatsApp, iMessage or Signal.

Apart from there's one big difference. Because, unlike those messaging apps which came before it, Allo doesn't have end-to-end encryption enabled by default.

Instead, if users wish to feel confident that their private messages are properly protected from interception by unauthorised parties, they will have to change a setting in the app - enabling something called "Incognito" mode.

GoogleSeriously, it's great that Google is going to have an end-to-end encryption option in Allo, and I'm reassured that they are partnering with Open Whisper Systems (developers of the Signal protocol) who are experts in secure messaging, but I want to know why it isn't the default?

Because if there is one thing we have learnt over the years, it's this. Few users ever change the default settings.

WhatsApp, iMessage and Signal all have end-to-end encryption by default. If Google Allo doesn't do the same then... well... why would I ever want to use it?

It leaves me wondering quite why Google has taken this approach, especially since so many in the tech community have been keen to show their support for encryption in the wake of the FBI's attempt to strong arm Apple into breaking into the San Bernardino iPhone.

I can only conclude that some of Allo's features simply won't be easy (or perhaps possible) for Google to implement if end-to-end encryption is in place. After all, the whole idea of end-to-end encryption is not just that criminal hackers and state intelligence agencies can't snoop on your chats, but also that your provider (Google in this case) can't see them either.

When you read Google's description of Allo, you can see that the company wants to read your messages in order to learn more about you:

Allo has Smart Reply built in (similar to Inbox), so you can respond to messages without typing a single word. Smart Reply learns over time and will show suggestions that are in your style. For example, it will learn whether you’re more of a "haha" vs. "lol" kind of person. The more you use Allo the more “you” the suggestions will become. Smart Reply also works with photos, providing intelligent suggestions related to the content of the photo. If your friend sends you a photo of tacos, for example, you may see Smart Reply suggestions like "yummy" or "I love tacos."

At the same time as the Allo announcement, Google offered a sneak preview of Duo - its new smartphone video-calling app.

Why would you use it instead of any of the other video chat apps out there? Well, the main differentiating feature in Duo that Google seems to be pushing is "Knock Knock" - offering a live video preview of the caller before you pick up the call.

The good news?

"we built Duo with privacy and security in mind and all calls on Duo are end-to-end encrypted."

At least, for now, it doesn't seem that video communications will be slacking when it comes to security.

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , ,

6 Responses

  1. M. Possamai

    May 19, 2016 at 6:30 am #

    Really? It has been announced but will not be available until this summer… shit can still change. You are bashing beta software..

    That's a cheap shot man…..

    • Bob in reply to M. Possamai.

      May 19, 2016 at 12:26 pm #

      How's it a cheap shot? Google themselves have announced this as a feature EXCLUSIVE to incognito:

      "Privacy and security are important in messaging, so following in the footsteps of Chrome, we created Incognito mode in Allo. Chats in Incognito mode will have end-to-end encryption and discreet notifications, and we’ll continue to add new features to this mode."

      https://googleblog.blogspot.com/2016/05/allo-duo-apps-messaging-video.html

  2. A. Davis

    May 19, 2016 at 9:12 am #

    How else to you suppose they provide you with the services consumers want Graham? Legitimate Man in the Middle seem fine in this scenario. (Obviously, as long as consumers of the service are aware of this and know of the possible outcomes.)

    • Bob in reply to A. Davis.

      May 19, 2016 at 12:24 pm #

      How about having encryption as an opt-out instead of an opt-in? That seems to me to be the whole point of his article.

      If security is ON by default then users have only themselves to blame if they disable it (to gain extra services) and then lose protection. As time has show very few consumers activate security features.

      WhatsApp don't have any problems providing "the services consumers want", they're wildly popular and use end-to-end encryption.

      Many commentators are saying it's 'too little, too late' from Google.

  3. Pete

    May 19, 2016 at 7:35 pm #

    To all the people bashing the article, here's a little test for you. Do you use secure messaging for email? Specifically, are you using PKCS signatures/keys for your email messages, and insisting that your co-communicants do the same?

    If you can honestly answer yes, then please explain how you were able to accomplish that and still have more than a few people left to communicate with…because in my experience, even ASKING folks to use the PKCS encryption built into most (civilized) mail clients usually evokes the response, "Huh? Whuzzat…?"

    The truth is that getting people to use secure messaging is an uphill battle. What the article says is equally true; the vast majority of users never change the default settings, and the reason they don't do so is because they don't even think about it. They're not even asking themselves the question, "Hey…am I communicating securely here?" It's completely off their radar.

    The point is that, a thoughtful person has to wonder how sincere Google really is about their users' security by leaving an important security feature off by default. It does suggest that they're counting on the fact that most people won't use it.

    I won’t argue about the fact that monetizing people's personal information is what pays for the service; I already know that. I'll bet the folks at Google believe their intentions are benign, and maybe they are. After all, they’re just taking advantage of an opportunity engendered by an existing market condition—namely, the epidemic of public ignorance and static inertia that keeps people using unencrypted messaging.

    But the fact remains that they're gathering personal information, and that's an exposure hazard. That's why I use Google's services sparingly in the first place. Ditto for Facebag, where the exposure hazard is much greater. I terminated my account for the simple reason that I know it's not free, and I'm not willing to pay the price in lost privacy and security. Plus, I have a strong disinclination to patronize someone (Mr. Zuckerberg) who thinks his users are “dumb f_cks”.

    Anyhow, it's disappointing to see Google leave message encryption off by default. I give them credit for at least having the "Incognito" feature there for users who are smart enough to turn it on. But I'm doing a wait-and-see as to how good a job they do in encouraging folks to use it. Until they do, they’re missing an opportunity to take the moral high ground by educating their users about secure messaging.

  4. Bob

    May 20, 2016 at 11:20 pm #

    Here's an update.

    http://arstechnica.com/security/2016/05/incensing-critics-google-engineer-ends-push-for-crypto-only-setting-in-allo/

Leave a Reply