Google's Allo chat app uses some well-known encryption, but not by default

End-to-end encryption isn't set by default

Google Allo app

Google debuted a shiny new chat app called Allo during its IO 2016 conference today, and while it's a fresh take on messaging, one element of the app is actually quite familiar.

Turns out Allo's end-to-end encryption is built on the Signal Protocol, the same standard used to power encryption in WhatsApp and the Signal app.

"We've been collaborating together on the integration of Signal Protocol into Allo, which will bring all of Signal Protocol's strong encryption properties to Allo's incognito mode," wrote Open Whisper Systems, creator of the protocol, in a blog post. It promises "more technical details and a summary of the integration when the app is available"

Signal is open source, allowing any app to utilize it for greater security. It's found in a number of popular messaging apps, with WhatsApp the largest to make use of it.

Not by default

WhatsApp turned on full end-to-end encryption by default for all its 1 billion users in April. If you're thinking, "Alright, Allo is ultra-secure!", pump the brakes for a sec.

Unlike WhatsApp, Allo's encryption isn't set by default since you need to go into Incognito Mode to activate it.

This is worrisome as you might accidentally send a message you wanted encrypted as, well, not encrypted, if you forget to switch to Incognito Mode. It also leaves you vulnerable to those who might want to see your messages - such as law enforcement or even Google itself.

The not-by-default nature of Allo's encryption has already caught the ire of security advocates. What's more, as noted by TechCrunch, Allo's most helpful features won't be so helpful if it can't see what you're talking about.

Others have argued that opt-in end-to-end encryption at this point is better than none at all, but how many users bite when Allo becomes available later this summer remains to be seen.

Article continues below