Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Google Allo's Privacy Flaws: Concerning But Not a Dealbreaker

The main threat is the unlikely scenario that Google itself could be hacked, according to security experts.

By Tom Brant
September 24, 2016
Privacy, security, surveillance, spying, spy

Depending on how you view it, Google Allo is either a friendly chat bot that can help you find information and make plans with friends, or an invasion of privacy that gives Google even more insight into the inner workings of your digital life.

Either way, one thing is clear: as it does with many of its products, Google intends to use Allo chat histories as a way to help train its machine-learning algorithms. But the revelations that your messages will remain on Allo until you chose to delete them and that the app is unencrypted by default caused a bit of an uproar this week.

For some security experts, Allo's unsecured default settings aren't necessarily a problem. Malwarebytes CEO Marin Kleczynski thinks that Google's "we're storing your data unless you tell us not to" arrangement is further evidence that there's nothing especially risky about Allo, but that if you use it you shouldn't have a reasonable expectation of privacy.

Google Allo (for Android)"It's likely that using this app might be something you wouldn't mind using on a regular basis," Kleczynski wrote in an email to PCMag. That's especially true if you use Allo's "incognito mode," which encrypts messages and also disables Google Assistant, Allo's main AI component, essentially transforming the app into a version of Google Hangouts.

The main threat, he said, is the unlikely scenario that Google itself could be hacked: although your Allo chat history may be relatively innocuous, Google likely has collected other information on you that represents more of a risk if it were stolen.

"Google servers are incredibly secure and if they were breached, folks would need to be far more concerned about their email, location, payment information, and browsing history being up for grabs from bad guys before concerns about what messages they sent," Kleczynski wrote.

Still, why take the risk? If you're looking for a way to chat with friends, and don't need an AI assistant at your beck and call, there are plenty of more secure options. Among the most mainstream is Facebook's Messenger. It automatically encrypts messages, though Facebook is adding bots and other features to Messenger, positioning the app as a standalone service separate from its social network.

For someone who wants a messaging app that's explicitly focused on privacy, Telegram and Signal are also options. But even those won't satisfy the most security-conscious user.

"Secure is relative," software security expert Dennis Batchelder wrote in an email to PCMag. Batchelder, who formerly directed Microsoft's antivirus division, said that ultimately there should be no expectation of privacy with any messaging app.

So Allo, which launched this week, is the latest entrant to an insecure but relatively benign corner of the tech industry. As with Google Photos and many of the search giant's other free services, by using Allo you're helping Google train its artificial intelligence and giving up some expectation of privacy in the process. If you share sensitive or illegal content on Allo, your main risk is that Google could be hacked or subpoenaed, and as Yahoo users found out this week, no amount of privacy controls or encryption can guard against that.

"I think what people are really up in arms about is the fact that these messages are stored, potentially forever, on Google servers which can be subpoenaed by law enforcement and used as evidence against the user," Kleczynski wrote. "Folks who use this app will become more and more comfortable with the collection, storage, and analysis of their private messages, something that could potentially lead to a future without privacy."

Google did not immediately respond to a request for comment.

Like What You're Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Tom Brant

Deputy Managing Editor

I’m the deputy managing editor of the hardware team at PCMag.com. Reading this during the day? Then you've caught me testing gear and editing reviews of laptops, desktop PCs, and tons of other personal tech. (Reading this at night? Then I’m probably dreaming about all those cool products.) I’ve covered the consumer tech world as an editor, reporter, and analyst since 2015.

I’ve evaluated the performance, value, and features of hundreds of personal tech devices and services, from laptops to Wi-Fi hotspots and everything in between. I’ve also covered the launches of dozens of groundbreaking technologies, from hyperloop test tracks in the desert to the latest silicon from Apple and Intel.

I've appeared on CBS News, in USA Today, and at many other outlets to offer analysis on breaking technology news.

Before I joined the tech-journalism ranks, I wrote on topics as diverse as Borneo's rain forests, Middle Eastern airlines, and Big Data's role in presidential elections. A graduate of Middlebury College, I also have a master's degree in journalism and French Studies from New York University.

Read Tom's full bio

Read the latest from Tom Brant