Google had announced about Allo, its new instant messaging app along with Duo, the new video chat app at the Google Developers I/O conference, 2016.
According to the reports at the conference, both Duo and Allo are fully encrypted. Along with the end-to-end encryption feature for the Incognito mode, the Allo team had also mentioned about storing messages transiently, and retention of new messages. However, with the release of the app, Google seems to have backed out on a few features. There seem to be a few changes made by the company with regard how the non-incognito messages are stored by Allo.
Incognito and Non-Incognito Message Encryption
On Wednesday, Google had said that with the launch of Allo, they will be saving all the Incognito messages permanently. In May, Google had reportedly said that Allo will store the message logs only temporarily. But the company seems to need the chats to log so that more data is provided to the algorithms for machine learning so that the functionality of the Google Assistant is improved along with its Smart Reply features.
This means that all the chat records will be saved in the app until the user chooses to delete them, which in turn will be giving Google complete access to all the chat histories. The messages that will be sent in the non-incognito mode will be encrypted while it is transmitted in between the Google servers and the device like it is for Gmail and Hangouts. However, the company can decrypt these messages at its server level to improve the performance of Assistant and other features.
On the contrary, the Incognito mode of Allo is completely end-to-end encrypted for the users who wish to keep their conversations and data private. Google will not have any form of access to these messages. Google mentioned in a blog post that when the users will chat in Incognito mode, the messages will be end-to-end encrypted and all the additional features for privacy like expiring messages and vigilant notifications will be available.
The encrypted chats in the Incognito mode have an expiry timer so that they will be wiped out automatically after the expiry time. The users can themselves set the duration of time for expiration of the chats. However, the users will not be able to utilize the features that Allo offers for its Assistant and for Smart Reply, while in the Incognito mode. This means that the users who are more concerned about their privacy will have no obvious reasons to use Allo since the app’s biggest USP is its smart features, which will be compromised in the Incognito mode.
The messages might be wiped out completely if the user had deleted them previously, or if the conversations had taken place in the Incognito mode. But in most of the cases, the conversations will still stay there. This leaves Google with less of a danger like that of the legal clashes which Apple is facing in San Bernardino and that WhatsApp is facing currently in Brazil.
Due to this decision of Google, the company might have to face powerful consequences for law enforcement access to the Allo messages. The Allo messages will now be accessible for legal requests just like the data and information in Google Hangouts, Gmail, and location data which is collected by Android, though it will still require a warrant according to the Fourth Amendment of the U.S. Constitution, for granting access to private information of a Google account.
According to a report by the Project Manager for Real-Time Communications, Google, the company is going to use the TLS even in the non-incognito mode of chats. The official said that Assistant and Smart Reply features will add a lot of value to the users and it is also a value trade-off. And it is easy to go Incognito whenever the user wishes to.
Though this move of keeping the messaging app less private is going to improve Google’s machine learning, still the privacy of the users while using Allo is very much questionable. The users may not flock to Allo given how the instant messaging platforms like Facebook Messenger and WhatsApp are directing themselves towards full end-to-end encryption.