PINDROP BLOG

No Surprise Google is Storing Allo Messages

The launch of Google Allo came with a big surprise. The surprise isn’t that Allo stores users’ messages indefinitely by default, the surprise is that people were surprised by that.

When the company announced Allo in May, Google officials touted its security and privacy features, emphasizing the end-to-end encryption built into the app and the Incognito mode that gives users the ability to set expiration times for messages and also prevents Google’s servers from mining those messages for information. That data mining ability is the lifeblood of the Assistant feature in Allo, an artificial intelligence-based bot that is supposed to offer users suggestions and smart replies to questions.

The Assistant is blind in Incognito mode, as messages are encrypted using the Signal protocol that ensures messages are readable only by the two parties in the conversation. But in normal mode, which is the default in Allo, not only are the messages not encrypted by default, they are used as fodder for the AI system and are stored forever, unless both the sender and recipient delete them. This caught some people off guard yesterday when the app finally launched, because Google execs had said Allo message would only be stored temporarily.

This is one of the least surprising Internet developments since the demise of Kozmo.com.

Let’s review the facts, as we know them:

  • Google makes money by mining user data for interests and using that information to tailor ads to those interests
  • Allo is a Google app

It’s not a huge leap of logic to conclude that Google would collect information from Allo messages and use it for data-mining purposes. It’s expected behavior. It may not be desirable behavior from the perspective of most users, but it’s expected behavior. If you’re surprised by that, don’t use the Internet.

From a security perspective, there are much better options than Allo, namely Signal for iOS or Android, which encrypts messages by default and doesn’t make them readable or available to any third parties. Even iMessage is better and is more user-friendly, as well. If you use Google’s services, many of which are quite useful and secure, know that they come with significant privacy trade-offs. Allo doesn’t look to be useful enough to warrant making those concessions. But don’t be shocked at the way the company is handling user data on the app.

Google is as Google does.

Image from Flickr stream of Brett.

Webinar: Call Center Fraud Vectors & Fraudsters Defeated