Yesterday, Google launched its new instant messaging app, Allo, globally. Features like Smart Reply, and Google Assistant make Allo a unique and really cool app. But is it secure?
When Google debuted Allo in May, it touted it as a chat app which values privacy. But now, according to Allo’s own privacy policies, it is not.
This support page on Allo, specifically states the following:
Your Allo conversations are stored on your device and Google’s servers. You can delete conversations or clear your message history within conversations in Allo only on your own device. The messages won’t be deleted or cleared on the devices of the people you chatted with.
This applies to all your chats, not just the ones which you had with the bot, Google Assistant. And to make things worse, the bot uses your chats with it to improve the way it serves you.
The Verge reports that the change was made by the Allo team, who discovered that the app’s machine learning system works better with messages permanently stored on the server. And as a result of this, the privacy options were abandoned in favour of better “smart replies”.
There are two ways to prevent your data from being shared.
- Open Allo, and tap on the conversation with Google Assistant. Now, tap the profile icon and then on the chat details option. Hit the Delete activity button to delete your chat. You can do this for other chats too, but doing so only deletes the chat from your device, the other person (or group members) will still have the chat history on their device/account.
- To prevent chats from being stored, you can use the incognito chat option from the main screen (tap the new chat button in the lower right corner). This will ensure your chat is end to end encrypted, and will also let your messages expire after a set time.
Oh, and Edward Snowden tweeted this:
Free for download today: Google Mail, Google Maps, and Google Surveillance. That's #Allo. Don't use Allo. https://t.co/EdPRC0G7Py
— Edward Snowden (@Snowden) September 21, 2016
This is one serious issue, which makes Google Allo sub par, when compared to its rival WhatsApp. We analyzed WhatsApp’s privacy policy which states that the service does not store delivered messages on their servers. It only exists on your devices. In case of undelivered messages, it is stored for a maximum of 30 days after which it is deleted.
And of course, WhatsApp uses end to end encryption by default.
