Showing posts from May, 2016

Security and Privacy in Google Allo

Disclaimer: This post is solely my personal opinion, as someone from outside the team who consulted on security for Allo.

Update: I erased a paragraph from this post because it's not cool to publicly discuss or to speculate the intent or future plans for the features of my employer's products, even if it's just my personal opinion.

(I want to thank K.B. and Thiago Valverde for a lot of thoughtful discussions that help me understand what normal users really need when it comes to privacy)

Unless you've been living under a rock this morning at the keynote of I/O 2016 Google announced a new messenger app called Allo. I'm not part of the Allo team, but I consult them on security, and in this post I want to share with you how I think about privacy and security in our new app.

Allo offers two chat modes: normal and incognito. Normal is the default, but incognito can be activated with one touch. I want to stress that both modes encrypt chat messages when they are in transit…