Days after Google announced its new Allo messaging app at the annual I/O 2016 conference, the yet-to-launch messaging app is already under criticism over privacy concerns.
Allo is a new text-based messaging app, and Google’s hopeful challenger to more-established players like WhatsApp, Facebook Messenger, Snapchat. Allo will be powered by Google’s new and upcoming AI chatbot Google Assistant, and will even let users book a restaurant, send automated replies to their friends.
But Allo is facing critcism over the ‘end-to-end’ encryption feature, which is not enabled across the app by default. The feature is only available in the Incognito mode. NSA whistleblower Edward Snowden has criticised Google Allo app on Twitter, and said Google’s decision to disable end-to-end encryption was dangerous. He asked people to avoid using the app, and his tweet has been re-tweeted over 8000 times on the site.
Google’s decision to disable end-to-end encryption by default in its new #Allo chat app is dangerous, and makes it unsafe. Avoid it for now.
— Edward Snowden (@Snowden) May 19, 2016
Snowden’s comment comes in the backdrop of a controversy around a blogpost published by a Google engineer Thai Duong, who tried to explain why end-to-end encryption was not enabled by default and allay privacy fears around the app.
The blogpost has since then been re-edited, and while a cache of the original is available on Bing here, it no longer mentions Duong as a Google engineer, but as “someone from outside the team who consulted on security for Allo.”
The original post read, “I’m one of the engineers in charge of the end-to-end encryption feature in Google Allo. This post (and everything else in this blog) is solely my personal opinion, as I don’t speak for my employer.”
Now it says, “This post is solely my personal opinion, as someone from outside the team who consulted on security for Allo.”
Interestingly his original post also mentions that he wishes end-to-end encryption was the default setting on the Allo across the board, a paragraph that also been removed.
In the original post, Duong wrong, “I wish it’s the default (because it’s my feature haha :), but even if it is not default all is not lost. I can’t promise anything now, but I’m pushing for a setting where users can opt out of cleartext messaging. Basically with one touch you can tell Allo that you want to “Always chat in incognito mode going forward,” and from that moment on all your messages will be end-to-end encrypted and auto-deleted. You can still interact with the AI, but only if you explicitly invoke it, so you don’t have to give up everything for your privacy gain.”
That paragraph is now gone, and it’s a point that Snowden has picked up.
Lesson: Bosses read blogs
— Edward Snowden (@Snowden) May 20, 2016
In the new blogpost, Duong says he has erased the paragraph about making end-to-end encryption as default because “it’s not cool to publicly discuss or to speculate the intent or future plans for the features of my employer’s products, even if it’s just my personal opinion.” The new blogpost is available here.
A point Duong was making in the blog was that end-to-end encryption by itself doesn’t really mean much for privacy, and end-to-end encryption without ‘disappearing messages’ means nothing. In Google Allo, messages in the Incognito mode will disappear after sometime and won’t be saved anywhere, neither the device or Google’s servers.
Duoung’s point is while a third-party or man-in-the-middle attack might not be possible in end-to-end encrypted apps like say WhatsApp, given that messages don’t disappear means they are still up for getting read.
The post also points out Google’s AI chatbot will be able to read users messages in the default mode, and the messages are temporarily stored in Google’s servers. The blogpost reads, “Allo clients talk to Google servers using QUIC or TLS 1.2. When messages are temporarily stored on our servers waiting for delivery they are also encrypted, and will be deleted as soon as they’re delivered.”
He also downplays the NSA fear to some extent and quoting a study from Simply Secure, adding that for most users “what matters the most is not whether the NSA can read their messages, but the physical security of their devices, blocking unwanted people, and being able to delete messages already sent to other people.”
While Google has not publicly commented on the privacy issues with Allo, the controversy over Duong’s blogpost won’t do much to boost the yet-to-be launched app’s public image. Also as this post on Ars Technica points out Duong has a provide track record in cyber-security, so the fact that he changed his post raises questions.