Google Allo privacy issue: Non-incognito messages will be saved on servers

Google Allo messaging app faces privacy issues as company says it will store messages on its servers by default.

By: Tech Desk | Updated: September 21, 2016 2:23 pm
Google Allo, Google Allo Privacy, Allo Privacy issues, Allo Privacy Messaging, Google, Google Allo app download, Google Allo messaging, Allo privacy policy, Allo message encryption Google’s Allo app has a privacy problem.

Google Allo app for instant text-messaging has now gone live, across the world. The app is available on Android and iOS worldwide, and is being pitched as a potential challenger to WhatsApp, Facebook Messenger, Snapchat and others. But it seems Google Allo is already facing a privacy concern. Google Allo is not end-to-end encrypted by default, but the company had said at I/O that all messages are encrypted by default, and then deleted from its servers.

Now according to a report in The Verge, Google Allo will be storing all messages (in the non-incognito mode) by default on its servers. Earlier Google had indicated requests made to the Google Assistant will be stored only transiently, and eventually get deleted. However it seems the records will now remain and a user will have to actively delete these in the settings.

Google Allo messages will be encrypted between the device and Google servers, but make no mistake the company plans to store these messages. According to the Allo help page, Google is using this information to improve the Assistant experience.

“We’ll continue to improve the usefulness of the Google Assistant over time, and part of this is through learning from past activity with the Google Assistant,” says one of the support pages for Allo. Assistant is a machine-learning system and it will work better with more data over time, so Google needs to make sure it has all the information it needs. Unfortunately that also means user privacy around chats is affected.

Google Allo had faced privacy concerns earlier as well with NSA whistleblower Edward Snowden questioning why Google had not made Incognito as the default mode.

Also read: Google Allo Messaging app is here: Our first impression

Interestingly after the May announcement, Google engineer Thai Duong wrote a blogpost on Allo’s security and said the AI chatbot will be able to read users messages in the default mode, and the messages are temporarily stored in Google’s servers.

His blogpost read at the time, “Allo clients talk to Google servers using QUIC or TLS 1.2. When messages are temporarily stored on our servers waiting for delivery they are also encrypted, and will be deleted as soon as they’re delivered.” Obviously this has now changed.

Also read: Snowden asks people to avoid Google Allo over privacy concerns

Interestingly the original post Duong had said he was an engineer “in charge of the end-to-end encryption feature”, but later edited the post to say that he had consulted on “security for Allo,” from the outside.

With Google storing messages from Allo, it will raise privacy issues for a lot of users. However the Duo, the video-calling version of the app is end-to-end encrypted. Also the Incognito mode in Allo is end-to-end encrypted, and messages have an expiration time that a user can set, after which it will get deleted.