Google’s new Allo messaging app is less than a day old, but it already has attracted a lot of attention from the security and privacy communities, thanks to its inclusion of end-to-end encryption and disappearing messages. Not all of the attention has been positive, however.
Allo is a combination app that includes typical chat capabilities such as text, photo, and video messaging, along with a variety of other features. One of the main capabilities that Google is touting in Allo is the Assistant, a new chatbot that, when enabled, will help users find information, answer questions, and perform other tasks inside the app.
“You can chat one-on-one with the assistant, or call on Google in a group chat with friends. Either way, you no longer have to jump between apps to do things like book a dinner reservation with friends, get up-to-date sports scores, settle a bet, or play a game,” Google’s Amit Fulay and Yariv Adnan wrote in a post introducing Allo.
Allo, which was introduced at Google’s I/O conference Wednesday, has two distinct modes. The default mode provides some security and privacy for users, offering encryption in transit and at rest on the sender’s and recipient’s devices. However, while the messages are stored on Google’s servers in this mode, they can be read by the chatbot. This raises some privacy concerns for users, experts say, even though no humans have access to the messages.
“End-to-end encryption and cloud-powered AI chatbots are incompatible. The default mode in chat apps will either favor privacy or AI chatbots,” Chris Soghoian, a security and privacy researcher and a principal technologist at the ACLU, said on Twitter.
“All messages sent in incognito mode will disappear after a few minutes.”
The other mode in Allo, called Incognito in a nod to the Chrome browser’s private mode, adds an extra layer of security by implementing complete, end-to-end encryption for messages. In this configuration, which users can enable with one touch, the messages are not readable on Google’s servers, even by the Assistant artificial intelligence.
“In this mode, all messages are further encrypted using the Signal protocol, a state of the art end-to-end chat encryption protocol which ensures that only you and your recipients can read your messages,” Thai Duong, one of the security engineers working on Allo, and a respected crypto researcher, said in a personal post on the app’s security.
Signal is the encryption protocol developed by Open Whisper Systems and provides security for the messaging app of the same name. The company worked with Google to implement Signal in Allo. In addition to the encryption provided by enabling Incognito mode, Allo also includes a feature that automatically deletes messages, similar to the way that Snapchat handles messages. This is a crucial addition from a security and privacy standpoint, as it provides an additional layer of protection if a device is lost or stolen.
“Most people focus on end-to-end encryption, but I think the best privacy feature of Allo is disappearing messaging. All messages sent in incognito mode will disappear after a few minutes. This is what users actually need when it comes to privacy,” Duong said.
“People want to hide their stuff from other people, being it their friends or anyone close to them. This is the kind of privacy that normal users need, but we security and crypto engineers spend most of our time not working on it. End-to-end encryption without disappearing messaging doesn’t cover all the risks a normal user could face, but disappearing messaging without end-to-end encryption is an illusion. Users need both to have privacy in a way that matters to them.”
While Incognito mode is not the default right now, Duong said there may be an option in the future for users to opt-out of cleartext messaging in Allo, telling the app that the user always wants her messages to be encrypted and automatically deleted.
“I can’t promise anything now, but I’m pushing for a setting where users can opt-out of cleartext messaging. Basically, with one touch you can tell Allo that you want to ‘Always chat in incognito mode going forward,’ and from that moment on all your messages will be end-to-end encrypted and auto-deleted,” Duong said.