Google’s Allo fails to use end-to-end encryption by default

Sorry, if you want more privacy you’ll have to flick a switch.

Allo

How disappointing.

Google has announced that later this year it will be releasing a new messaging app called Allo.

You can think of it as a competitor to WhatsApp, iMessage or Signal.

Sign up to our free newsletter.
Security news, advice, and tips.

Apart from there’s one big difference. Because, unlike those messaging apps which came before it, Allo doesn’t have end-to-end encryption enabled by default.

Instead, if users wish to feel confident that their private messages are properly protected from interception by unauthorised parties, they will have to change a setting in the app – enabling something called “Incognito” mode.

GoogleSeriously, it’s great that Google is going to have an end-to-end encryption option in Allo, and I’m reassured that they are partnering with Open Whisper Systems (developers of the Signal protocol) who are experts in secure messaging, but I want to know why it isn’t the default?

Because if there is one thing we have learnt over the years, it’s this. Few users ever change the default settings.

WhatsApp, iMessage and Signal all have end-to-end encryption by default. If Google Allo doesn’t do the same then… well… why would I ever want to use it?

It leaves me wondering quite why Google has taken this approach, especially since so many in the tech community have been keen to show their support for encryption in the wake of the FBI’s attempt to strong arm Apple into breaking into the San Bernardino iPhone.

I can only conclude that some of Allo’s features simply won’t be easy (or perhaps possible) for Google to implement if end-to-end encryption is in place. After all, the whole idea of end-to-end encryption is not just that criminal hackers and state intelligence agencies can’t snoop on your chats, but also that your provider (Google in this case) can’t see them either.

When you read Google’s description of Allo, you can see that the company wants to read your messages in order to learn more about you:

Allo has Smart Reply built in (similar to Inbox), so you can respond to messages without typing a single word. Smart Reply learns over time and will show suggestions that are in your style. For example, it will learn whether you’re more of a “haha” vs. “lol” kind of person. The more you use Allo the more “you” the suggestions will become. Smart Reply also works with photos, providing intelligent suggestions related to the content of the photo. If your friend sends you a photo of tacos, for example, you may see Smart Reply suggestions like “yummy” or “I love tacos.”

At the same time as the Allo announcement, Google offered a sneak preview of Duo – its new smartphone video-calling app.

Why would you use it instead of any of the other video chat apps out there? Well, the main differentiating feature in Duo that Google seems to be pushing is “Knock Knock” – offering a live video preview of the caller before you pick up the call.

The good news?

“we built Duo with privacy and security in mind and all calls on Duo are end-to-end encrypted.”

At least, for now, it doesn’t seem that video communications will be slacking when it comes to security.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

6 comments on “Google’s Allo fails to use end-to-end encryption by default”

  1. M. Possamai

    Really? It has been announced but will not be available until this summer… shit can still change. You are bashing beta software..

    That's a cheap shot man…..

    1. Bob · in reply to M. Possamai

      How's it a cheap shot? Google themselves have announced this as a feature EXCLUSIVE to incognito:

      "Privacy and security are important in messaging, so following in the footsteps of Chrome, we created Incognito mode in Allo. Chats in Incognito mode will have end-to-end encryption and discreet notifications, and we’ll continue to add new features to this mode."

      https://googleblog.blogspot.com/2016/05/allo-duo-apps-messaging-video.html

  2. A. Davis

    How else to you suppose they provide you with the services consumers want Graham? Legitimate Man in the Middle seem fine in this scenario. (Obviously, as long as consumers of the service are aware of this and know of the possible outcomes.)

    1. Bob · in reply to A. Davis

      How about having encryption as an opt-out instead of an opt-in? That seems to me to be the whole point of his article.

      If security is ON by default then users have only themselves to blame if they disable it (to gain extra services) and then lose protection. As time has show very few consumers activate security features.

      WhatsApp don't have any problems providing "the services consumers want", they're wildly popular and use end-to-end encryption.

      Many commentators are saying it's 'too little, too late' from Google.

  3. Pete

    To all the people bashing the article, here's a little test for you. Do you use secure messaging for email? Specifically, are you using PKCS signatures/keys for your email messages, and insisting that your co-communicants do the same?

    If you can honestly answer yes, then please explain how you were able to accomplish that and still have more than a few people left to communicate with…because in my experience, even ASKING folks to use the PKCS encryption built into most (civilized) mail clients usually evokes the response, "Huh? Whuzzat…?"

    The truth is that getting people to use secure messaging is an uphill battle. What the article says is equally true; the vast majority of users never change the default settings, and the reason they don't do so is because they don't even think about it. They're not even asking themselves the question, "Hey…am I communicating securely here?" It's completely off their radar.

    The point is that, a thoughtful person has to wonder how sincere Google really is about their users' security by leaving an important security feature off by default. It does suggest that they're counting on the fact that most people won't use it.

    I won’t argue about the fact that monetizing people's personal information is what pays for the service; I already know that. I'll bet the folks at Google believe their intentions are benign, and maybe they are. After all, they’re just taking advantage of an opportunity engendered by an existing market condition—namely, the epidemic of public ignorance and static inertia that keeps people using unencrypted messaging.

    But the fact remains that they're gathering personal information, and that's an exposure hazard. That's why I use Google's services sparingly in the first place. Ditto for Facebag, where the exposure hazard is much greater. I terminated my account for the simple reason that I know it's not free, and I'm not willing to pay the price in lost privacy and security. Plus, I have a strong disinclination to patronize someone (Mr. Zuckerberg) who thinks his users are “dumb f_cks”.

    Anyhow, it's disappointing to see Google leave message encryption off by default. I give them credit for at least having the "Incognito" feature there for users who are smart enough to turn it on. But I'm doing a wait-and-see as to how good a job they do in encouraging folks to use it. Until they do, they’re missing an opportunity to take the moral high ground by educating their users about secure messaging.

  4. Bob

    Here's an update.

    http://arstechnica.com/security/2016/05/incensing-critics-google-engineer-ends-push-for-crypto-only-setting-in-allo/

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.