Google backs off on previously announced Allo privacy feature

When Allo was announced at Google’s I/O conference earlier this year, the messaging app was presented as a step forward for privacy. Alongside the end-to-end-encrypted Incognito Mode, the Allo team talked about bold new message retention practices, storing messages only transiently rather than indefinitely.

But with the release of the app today, Google is backing off on some of those features.

The version of Allo rolling out today will store all non-incognito messages by default — a clear change from Google’s earlier statements that the app would only store messages transiently and in non-identifiable form. The records will now persist until the user actively deletes them, giving Google default access to a full history of conversations in the app. Users can also avoid the logging by using Allo’s Incognito Mode, which is still fully end-to-end encrypted and unchanged from the initial announcement.

Like Hangouts and Gmail, Allo messages will still be encrypted between the device and Google servers, and stored on servers using encryption that leaves the messages accessible to Google’s algorithms.

According to Google, the change was made to improve Allo's smart reply feature, which generates suggested responses to a given conversation. Like most machine learning systems, the smart replies work better with more data. As the Allo team tested those replies, they decided the performance boost from permanently stored messages was worth giving up privacy benefits of transient storage.

The decision will also have significant consequences for law enforcement access to Allo messages. By default, Allo messages will now be accessible to lawful requests, similar to message data in Gmail and Hangouts and location data collected by Android. In the past, Google legal officers have stated that subpoenas are not sufficient to obtain that information, stating "we believe a warrant is required by the Fourth Amendment to the U.S. Constitution" for access to private information in a Google account.

The messages might not be there if the user had previously deleted them, or if the conversations took place in Incognito Mode — but in most cases, they will be. That leaves Google with much less danger of the kind of legal showdown Apple faced in San Bernardino and WhatsApp currently faces in Brazil.

Update 1:26PM ET: Updated with more information about Google's internal legal review.


Another reason to stick with iMessage.

So don’t use iCloud backup if you want your messages to stay private. I’ve never used it.

Still better than Allo’s default privacy.

But not as good as incognito mode’s privacy.

Better hope all the people you talk to also don’t use it, or your privacy is out the window.

Does Allo take in SMS?

No, though it sends messages as SMS to iPhone users who don’t have the app installed.

Apple encrypts your cloud backups with only one password (for your AppleID), and since they provide password recovery feature, they can access to your cloud archive (as per court order, for example).

To avoid that you should only backup locally to your Macintosh/PC, or to not backup at all. In either of those cases the privacy is really strong.

I do with that Apple would offer a cloud backup without password recovery option. This would mean that Apple would not be able to access the data; though there is danger that you would forget your password.

But the point is they don’t. They are not interesting in reading your messages to profile you for advertising

Apple’s entire business model is not based upon selling your details to advertisers. Google’s is.

that’s not true they only sell aggregate data

they don’t sell any data. They provide a match service.

Google is the advertiser. They don’t sell their competitive advantage.

Signal’s security engineer Frederic Jacobs will join Apple as an intern this summer, to work on its CoreOS security

I believe Moxie (another Signal guy) was brought over to Apple for temporary work as well – they’re definitely continuing to lock things down. Sad to see Google back off on this.

Another reason to stick with iMessage.

Signal is a better solution.

It really depends. Security its absolutely hands down Signal.

But, like I found out, if I move to a new iPhone using an encrypted local backup (love that Apple still supports that) and restore on the new phone all the connections and message strings in Signal are gone (almost certainly a security choice there). But its inconvenient to an annoyance, so while I use Signal with my Android connections I still use iMessage (which all comes back on restore) on iOS connections because of the usability. JMHO…

If only anyone I knew used it.

I’m sorry to keep banging this drum but it just isn’t cross platform and text messages are not good enough these days. Not only can I physically not use iMessage, I wouldn’t want to. It’s like BBM all over again.

I use an iPhone primarily, but for those times I switch over to my Nexus, the worst thing that happens is my chat bubbles turn green and I don’t get fun but pointless stickers. My friends don’t have to do anything differently.

you’re also using SMS, which means there’s no delivery guarantees, your pictures and videos get compressed to hell, group chat sucks, etc., etc. WhatsApp, Facebook Messenger, etc.—none of them intentionally go into 1980s mode the way Apple does.

What’s better, having a platform-exclusive messaging service that falls back to the basic but universal messaging system, or a cross-platform service that requires everyone you contact to also have the app installed?

Probably depends on your situation, but in general I think both options have roughly equal benefits and drawbacks.

I think installing the app is a clear winner. Almost the whole world (outside of the U.S.) agrees.

Maybe because a lot of the world still has carriers charging for incoming SMS. That’s a huge driver for apps like Line having become popular in the first place.

View All Comments
Back to top ↑