Email
Password
Remember meForgot password?
    Log in with Twitter

article imageGoogle Allo caught leaking search data to other users

By James Walker     Mar 14, 2017 in Technology
Google's new Allo messaging app could be a security risk owing to a design flaw which allows the app to share your Google search history with your friends. The problem is believed to be an unintentional bug. Allo's security has previously been criticised.
Allo is one of Google's headline mobile apps. Supposed to make messaging simpler and faster, it's slowly climbing up app store charts in pursuit of Facebook Messenger and WhatsApp. It features integration with Google Assistant, the company's artificial intelligence that lets you ask Google questions within your chats.
Assistant's functionality could have serious privacy implications, according to a report from Recode. The news site discovered Assistant can reveal your search history data to your friends, due to flaws in the mechanisms that let it intelligently answer questions. If you ask Assistant a query while in a chat with a friend, the AI could inadvertently reveal information from your Google account.
In one conversation, Recode observed Assistant using data from a previous search query to respond to a question in Allo. When the third-party user asked Assistant to identify itself, it incorrectly interpreted the question. It fell back to a response to an earlier query, displaying a link to Harry Potter fan site Pottermore. Harry Potter had not previously been mentioned during the conversation.
In another example, Assistant responded to the query "What is my job?" by displaying a Google Maps image of a former address added to the Maps app. It added the potentially sensitive information directly into the communication without displaying any warning, letting the recipient immediately locate the place on Maps.
The triggers that cause Assistant to behave in this way when chatting in Allo haven't been identified. Google has confirmed that the AI is working outside of its design, admitting something's wrong. The company now claims to have fixed the issue. Further testing will be required to verify this.
"We were notified about the Assistant in group chats not working as intended," Google said to Recode. "We've fixed the issue and appreciate the report."
The unexpected behaviour highlights the potential risks of allowing cross-service bots to communicate on your behalf. Google's apps are tightly bound together so Assistant can easily reach into Maps or Gmail to get more information. In these instances, it appears to have lost the context of the data. While it's evident to humans that messaging in Allo is different to searching something on the web, the assistant failed to recognise the implications of another person being present.
Google is continuing to promote Allo as its primary messaging app for consumers. It recently unveiled the reinvented Hangouts, pitching it firmly as a business-only solution. That leaves Allo as the preferred way to communicate with text on Android, making any privacy-compromising bugs a serious cause for concern.
Google backtracked on implementing full end-to-end encryption – one of Allo's original headline features – before the app even launched, due to compatibility issues with Assistant. As the app struggles to become mainstream, further privacy setbacks won't help its cause.
More about Google, google allo, Messaging, Apps, Ai
 
Latest News
Top News