Google Allo messaging app offers end-to-end crypto, but not as default

On Wednesday, at its annual developer-focused conference, Google introduced two new cross-platform apps: Allo and Duo. Google Allo is a messaging app, and Duo is a video calling app.

Allo has been dubbed a “smart” app, as it integrates machine learning and Google’s bot-based Google Assistant, and has a Smart Reply feature that will suggest responses.

More details about the app’s capabilities can be found here, but what interests security-minded individuals the most are the security and privacy options it provides.

Allo has an Incognito mode.

“Chats in Incognito mode will have end-to-end encryption and discreet notifications, and we’ll continue to add new features to this mode,” Amit Fulay and Yariv Adan, group product managers at Google, explained.

Open Whisper Systems’ Moxie Marlinspike revealed that the app is using their open source Signal Protocol to power its incognito mode, and promised to provide more technical details and a summary of the integration when the app is available (the release is scheduled for this summer).

But privacy advocates are not satisfied because encrypted chat is not turned on by default.

“Making crypto opt-in hurts users who know least about tech,” Christopher Soghoian, a technologist at the American Civil Liberties Union, noted on Twitter. “Google Allo is Telegram, except with user data held in the US, and thus easier for the US gov to obtain.”

Not providing end-to-end encryption was likely not an option, as Google’s competition in the messaging app market – Apple’s iMessage, Facebook’s WhatsApp, Viber – all offer it, and in the first two it’s enabled by default.

Soghoian believes that making encryption opt-in was a decision made by the business and legal teams, and that the choice was made to favor both Google, which wants to mine the information in users’ chats, and governments – the United States’ in particular.

As one Twitter user succinctly commented, “Every tweet I read about Google Allo I see Jim Comey in my mind, saying some companies have adjusted their business model.”

Edward Snowden, who openly uses Open Whisper Systems’ Signal messaging app and believes communications via it to be safe, has advised avoiding Allo for now.
