As much as people like a good conspiracy, that would be a pretty pointless one. There are tens of thousands people at google who could look at the source code, many of them with a left-wing/civil liberties attitude.
To get all of them to stay silent, and to evade analysis of the binary is, if not impossible, simply not worth whatever they could get out of reading my messages (esp. considering their uninterrupted stream of emails to read).
It's also why the concept of "brands" makes more sense than may are willing to admit: a blatant lie such as this would probably be worse for google than VWs little problem. Reading someone's private stuff is just bound to rouse more emotions than whatever comes out of the back of your car.
It's probably easy to dismiss/justify some of those things when you can view the code yourself to see that nothing "bad" is happening (at least at the current time). It's a little harder to rectify Google blatantly lying about something e2e encryption even if nothing "bad" is happening with it.
"Allo messages will still be encrypted between the device and Google servers, and stored on servers using encryption that leaves the messages accessible to Google’s algorithms."
[....]
"The decision will also have significant consequences for law enforcement access to Allo messages. By default, Allo messages will now be accessible to lawful warrant requests, the same as message data in Gmail and Hangouts and location data collected by Android. "
> The version of Allo rolling out today will store all non-incognito messages by default — a clear change from Google’s earlier statements that the app would only store messages transiently and in non-identifiable form. The records will now persist until the user actively deletes them, giving Google default access to a full history of conversations in the app. Users can also avoid the logging by using Allo’s Incognito Mode, which is still fully end-to-end encrypted and unchanged from the initial announcement.
> Like Hangouts and Gmail, Allo messages will still be encrypted between the device and Google servers, and stored on servers using encryption that leaves the messages accessible to Google’s algorithms.
Translation:
- Incognito messages will not be logged, and will be encrypted end-to-end.
- Non-incognito messages will transit over SSL, and be stored on Google's servers in an encrypted form that they will have access to (presumably this "encryption" is to prevent hackers gaining a DB dump from getting everything in plaintext).
- Non-incognito messages will be logged indefinitely, unless a user explicitly deletes them. (This is a change from what was previously announced at Google I/O)
To get all of them to stay silent, and to evade analysis of the binary is, if not impossible, simply not worth whatever they could get out of reading my messages (esp. considering their uninterrupted stream of emails to read).
It's also why the concept of "brands" makes more sense than may are willing to admit: a blatant lie such as this would probably be worse for google than VWs little problem. Reading someone's private stuff is just bound to rouse more emotions than whatever comes out of the back of your car.