By Nathan Olivarez-Giles
When it comes to users' privacy, messaging apps can vary widely -- a fact that came to a head when Alphabet Inc.'s Google released its new Allo app. The messenger performs novel tricks like suggesting what to say next, but it does it by analyzing the contents of users' messages.
Edward Snowden, the former National Security Agency contractor, called the app "Google Surveillance" in a tweet, and some security experts recommended skipping the download, which was released last week.
Messaging services that are considered the most private exclusively use end-to-end encryption. That is, messages stay encrypted as they move from sender to recipient. Even if they pass through or are stored on a server, they are encrypted in a way that the service provider can't read them. Facebook Inc.'s WhatsApp, Apple Inc.'s iMessage and the Signal app by Open Whisper Systems always use end-to-end encryption.
Some apps, like Facebook Messenger and Google Allo, offer end-to-end encryption in special private messaging modes that users must turn on -- something most people don't do.
"End-to-end encryption can prevent you from being snooped on, and prevent your personal and private information from being stolen as well, " said Christopher Soghoian, an online privacy expert at the American Civil Liberties Union. "The reason why some companies like Google and Facebook don't use this by default is they're willing to sacrifice your privacy to build features like chatbots and response predictions that aren't that useful."
Google analyzes unencrypted chats to perform a service, such as suggest automatic replies or recommend restaurants and movies. Facebook Messenger does something similar using auto-responding bots. But that also means that, legally, the companies could be ordered by a court to turn chat transcripts over to government agencies.
"We've given users transparency and control over their data in Google Allo," a Google spokeswoman said. "And our approach is simple -- your chat history is saved for you until you choose to delete it."
Facebook cited several reasons for not making end-to-end encryption a default, including Messenger's multidevice presence, its rich multimedia features and its prominence on desktop web browsers.
Other services, including Snapchat and WeChat, encrypt messages as they are transmitted, so that hackers can't intercept them. But they retain the encryption keys which can access the messages. They too might be required to hand over the contents under court order.
Still, even end-to-end encryption doesn't spell 100% guaranteed privacy, say the experts.
"Encryption methods can be cracked," said Matthew Green, a privacy and cryptography expert at Johns Hopkins University, "but it's the best tool that we have in protecting ourselves in smartphone messaging apps today."
Write to Nathan Olivarez-Giles at Nathan.Olivarezemail@example.com