Google announced at its I/O conference that its upcoming ‘Allo’ messaging app will not only offer end-to-end-encrypted Incognito Mode, but also introduce new message retention practices, storing messages only transiently rather than indefinitely. However, the company seems to have backtracked from its bold privacy claims, since the version of ‘Allo’ released today will store all non-incognito messages by default, contrary to Google’s earlier statements (via TechCrunch).
Allo does store your messages on Google’s servers indefinitely — that is, until you decide to delete them (and even then, the message is still stored until the people you were chatting with also delete their side of the conversation). That’s similar to how it handles your emails and Hangout messages, too, but in the post-Snowden age, expectations about privacy — especially for new products — are higher.
If messages are stored on Google’s servers, after all, then a government agency could get a warrant and get access to them.
This means that similar to Hangouts and Gmail, Allo messages will be encrypted between the device and Google servers, and stored on servers using encryption that leaves the messages accessible to Google’s algorithms. Apparently the only way to prevent Google from storing Allo chats is by using its Incognito mode, but then you not be able to take advantage of the features that make Allo an interesting messaging service.
— Edward Snowden (@Snowden)
While Google claims that the change was made to improve Allo’s smart reply feature, which generates suggested responses to a given conversation, Allo messages will nonetheless be accessible to lawful requests by default.