In a tweet, Snowden advised against using Allo, the search giant’s latest app, saying: "Google's decision to disable end-to-end encryption by default in its new Allo chat app is dangerous, and makes it unsafe. Avoid it for now."
His warning came after Google’s security expert Thai Duong blogged about the app’s security features.
Allo, branded as a “smart messaging app”, offers extra features when compared to other services like WhatsApp and Facebook Messenger.
Its 'smart reply' feature scans messages and suggests replies, and integrates Google’s other services like Google Search and Maps, all in a single app.
Allo also offers two privacy settings: normal and incognito.
Although messages are encrypted in both modes, the normal setting allows artificial intelligence run by Google to read messages, analyze them and provide suggestions. Only the incognito mode uses end-to-end encryption, which ensures that the messages can only be read by the people on either end of the conversation.
However, the default setting is normal, and to have further encryption a user has to manually change the privacy settings to incognito.
Thai Duong, a security expert at Google, blogged about his “personal opinion” of the new application “as someone from outside the team who consulted on security for Allo.” He edited the post after it was uploaded.
Duong wrote in an update: “I erased a paragraph from this post because it's not cool to publicly discuss or to speculate the intent or future plans for the features of my employer's products, even if it's just my personal opinion.”
This statement does not clarify what has been deleted from the blogpost.
However, Snowden explained in his tweet that the security expert was “discussing how #Allo is unsafe by default," and commented: "[The] lesson - bosses read blogs."
TechCrunch reported the deleted part of Duong’s post read: “The burning question now is: if incognito mode with end-to-end encryption and disappearing messages is so useful, why isn’t it the default in Allo?”
It is not clear whether Google told Duong to delete the paragraph from his blogpost or not.
Allo will be available this summer on both iOS and Android.
No comments:
Post a Comment