Probably not, but the hilarious thing is that a year or so after attacking Telegram for that, the developers of Signal took a substantial chunk of cash from Google to promote Allo as using Signal Protocol and end to end encryption, even though it's disabled by default so Google can mine your chat history for ad targeting (and enabling it has the inconvenient side effect of disabling your own local chat history).
Basically, it's about the cash. Signal's business model is to convince everyone that their protocol is the only secure one and charge everyone to licence it. If that means promoting non-E2E services that store and mine chat history, that's fine so long as they pay up.
The protocol is publicly described. They've blogged about it. I can imagine people being able to reconstruct it from memory.
The first Google result for "signal protocol license" is https://whispersystems.org/blog/license-update/ , clarifying that it's under GPLv3 (i.e., patent grant) with an exception for the App Store. Has anyone paid money to license the protocol? Has Signal asked for money? Is it even possible to give them money for the protocol?
GPLv3 is cool as open source goes, but is pretty restrictive. Basically you can't link to it and distribute your app without it being open source. A company like Google can probably not use it.
What I meant with GPLv3 is "and they are even willing to grant any patent rights to the general public". I don't know if they hold patents on it, but if they either don't, or are willing to license them freely, then you can implement the protocol from the public documentation of it.
That's not true. The patents grant in GPLv3 or other licenses (like APL) only holds if you're actually using that project in your work. So either you fork the GPLv3 project, and comply with a compatible license, or you don't have a patents grant.
This is basically why Google could be sued by Oracle, because Dalvik and their class library based on Apache Harmony were not a fork of OpenJDK.
Of course I cannot speak for Signal's protocol. Maybe it has no traps. I'm just commenting on that license. It's a strong license that makes some demands: good fit open source but bad for Google.
Sorry, I am being unclear. I don't mean that GPLv3 gives you a patent grant for all implementations, yes. I mean that the willingness to license code under GPLv3 means that there's an upper bound on how much Open Whisper Systems cares about licensing the protocol for money.
Which brings me back to the original question—why do we think that OWS's pushing of Signal Protocol is about money? Yes, I expect that for Allo they got paid by Google to write and maintain some code. But I don't think that their general claim "Signal Protocol is good crypto for everyone solving this problem" is motivated by money, because so many people solving this problem could use the GPLv3 version.
Is Allo using the same code, or a different implementation?
(And it's not so obvious to me. The thing I linked is licensed under GPLv3 + MPL if used on the App Store. You can totally ship an Android app that runs a separate GPLv3 subprocess, and an iOS app that uses it under the terms of the MPL. The GPLv3-subprocess thing is what JuiceSSH does for running Mosh.)
It does not use end-to-end encryption for normal chats. They're encrypted only during transport on the network, but stored as plain text on the devices and on the Telegram servers in order to make multi-device sync and searching easier. Only "Secret chats", which are restricted to one device on each side, are encrypted end-to-end.
If their own FAQ is correct, then definitively NO.
Q: So how do you encrypt data?
We support two layers of secure encryption. Server-client encryption is used in Cloud Chats (private and group chats), Secret Chats use an additional layer of client-client encryption. All data, regardless of type, is encrypted in the same way — be it text, media or files.
Our encryption is based on 256-bit symmetric AES encryption, RSA 2048 encryption, and Diffie–Hellman secure key exchange. You can find more info in the Advanced FAQ.
Multi-device support and message sync do not necessarily preclude end-to-end encryption. Of course, it's a lot easier to accomplish these without end-to-end encryption.
Wire [1] (which I discovered a few months ago) is a platform that has end-to-end encryption, multi-platform support and multi-device sync. It also has text chats, voice calls, video calls, doodling, etc. The UX still needs a lot of improvement (compared to Telegram).
Basically, it's about the cash. Signal's business model is to convince everyone that their protocol is the only secure one and charge everyone to licence it. If that means promoting non-E2E services that store and mine chat history, that's fine so long as they pay up.