Philip Houska In modern society, when the vast majority of private and sensitive information travels to the recipient thanks to communication applications, more and more people are becoming interested in whether their sent and received data is properly encrypted. Some services have such a feature set natively, others require manual activation, and the rest of the platforms do not have it at all. At the same time, this aspect should be key. Experts also agree on this, and do not recommend downloading insecure communicators at all. Among them, for example, is the new Allo service from Google.
The topic of encryption communication services became very popular in the first half of this year, mainly because the case of Apple vs. FBI, when the government demanded that Apple jailbreak the iPhone of one of the terrorists behind the attacks in San Bernardino, California. But now a new communication app is behind the buzz Google Allo, which did not take much from the point of view of encryption and user security.
Google Allo is a new chat platform based on partial artificial intelligence. Even though the concept of a virtual assistant that responds to user questions may seem promising, it lacks the element of security. Since Allo analyzes each text in order to propose an appropriate response based on the Assistant function, it lacks automatic support for end-to-end encryption, i.e. such forms of secure communication where messages between the sender and the recipient can hardly be not broken in any way.
The controversial Edward Snowden, a former employee of the US National Security Agency, who published information on the surveillance of citizens by the US government, also commented on this. Snowden has mentioned doubts about Google Allo several times on Twitter and stressed that people should not use the app. Moreover, he was not the only one. Many experts agreed that it would be safer not to download Allo at all, since most users simply do not set up such encryption manually.
Free for download today: Google Mail, Google Maps, and Google Surveillance. That's it So. Don't use Allo. https://t.co/EdPRC0G7Py
- Edward Snowden (@Snowden) September 21, 2016
But it's not just Google Allo. Daily The Wall Street Journal in his comparison points out that Facebook's Messenger, for example, does not have native end-to-end encryption. If the user wants to control his data, he must activate it manually. It is also unflattering that such security only applies to mobile devices, not desktops.
The mentioned services at least offer this security function, even if not automatically, but there are a considerable number of platforms on the market that do not consider end-to-end encryption at all. An example would be Snapchat. The latter is supposed to delete all transmitted content immediately from its servers, but encryption during the sending process is simply not possible. WeChat is also facing an almost identical scenario.
Microsoft's Skype is not completely secure either, where messages are encrypted in a certain way, but not based on the end-to-end method, or Google Hangouts. There, all already sent content is not secured in any way, and if the user wants to protect himself, it is necessary to delete the history manually. BlackBerry's BBM communication service is also on the list. There, unbreakable encryption is enabled only in the case of the business package called BBM Protected.
However, there are exceptions that are recommended by security experts compared to the ones mentioned above. Paradoxically, these include WhatsApp, which was bought by Facebook, Signal from Open Whisper Systems, Wickr, Telegram, Threema, Silent Phone, as well as iMessage and FaceTime services from Apple. The content sent within these services is automatically encrypted on an end-to-end basis, and even the companies themselves (at least Apple) cannot access the data in any way. The proof is i highly rated by EFF (Electronic Frontier Foundation), which deals with this issue.
In the case of iMessage, it is not mentioned that iMessage can be broken in another way - for example, if you back up your phone to iCloud, Apple has all the keys and can decrypt the backed up messages as well (to be able to restore everything even on a deleted device when the keys are lost or on a completely different device)…
But it's only readable by that user with their Apple ID and password or not?
(I haven't researched it, just asking)
Perhaps an unnecessarily heated article.