Google stores ‘transient’ Allo messages until you delete them

Back when Google first announced its brand-new chat app Allo, the company told The Verge it would only store messages “transiently,” not indefinitely. But since May, when the app was first announced at Google I/O, things have changed a bit in that regard. A Google spokesperson confirmed that messages are now stored on Google’s end as long as that chat history is available on your personal device. But once you choose to delete the history, it’s also deleted on Google’s end — so users do have control over just how long their messages persist for.

Google told me that it made this change after the company pushed the app out to wide testing around the company; it found that the experience was better when it saved chat history for longer. That history helps Google with things like the app’s auto-reply features, which work better the more data is available for Google to analyze.

For the end user, this means that your messages are stored on Google’s servers, in the same fashion that Hangouts messages and emails from your Gmail account are. The messages are still encrypted between your phone and Google’s servers, and they’re stored using encryption that Google can open up so it’s accessible to their machine learning processes.

If both you and the other participant in your conversation choose to delete a conversation, though, the messages will be removed from Google’s servers. And if you want extra privacy, you can use Allo’s incognito mode, though you won’t get the benefit of the Google Assistant that sets the app apart from other options. Deleting the app itself from my iPhone also deleted all the content of the conversations I was having — but again, if my friends didn’t delete those chats, they’re still out there on Google’s servers.

For most users, this probably won’t be a deal-breaker — it’s not really any different than how most of Google’s many other communication products behave. But there’s also no doubt that there’s been increased attention given to the privacy and security of your online communications. If that’s a concern to you, Allo might not be the best option for you.

Via: The Verge

Engadget RSS Feed

‘Pokémon Go’ on iOS is digging deep into linked Google accounts (update)

If you spent your weekend wandering around capturing cartoon monsters on your phone, you’re likely one of millions addicted to Pokémon Go, the latest mobile game sensation. But if you played the game on an iPhone and signed in with your Google account, you also just handed the keys to your entire Google account to Niantic, the developer behind the game. As pointed out by Adam Reeve, a principal architect at Red Owl analytics, nothing in the sign up process indicates that you’re giving the app full access to your account.

Indeed, according to the Google help page, this means that the application will now be able to “see and modify nearly all information in your Google account.” That means that Niantic — and, more importantly, anyone who has access to Niantic’s servers — will be able to read and access all your email, your Google drive docs, your search history, your private Google Photos and a lot more. To be clear, this wouldn’t be a problem if you signed up for the game using Pokemon’s own “Trainer Club” account, but Pokemon’s servers appear to be down. Also, while this full access issue appears to happen predominantly on iOS, a few Android users have reported the same as well.

We’ve reached out to Niantic and to Google to get more information about what happened here. Right now, we hear they’re still trying to clarify what’s going on and we’ll update you on their response if any. For now, however, we recommend revoking Pokemon Go’s full account access by heading to this link and clicking “Remove.” The game should still function if you have it open, but you’ll probably have to reauthorize (and re-revoke) on future sign-ins.

Update: Good news! Niantic Labs and The Pokémon Company issued a response to Engadget, confirming that it’s not actually reading your emails. Still, it has far more access than is necessary for the game and the company says that while it’s working on a fix for the client to only request the correct permission, Google will reduce Pokémon Go’s access on its end ‘soon.’

Just in case there’s any remaining confusion about what the app does or doesn’t have access to, enter Slack security dev Ari Rubinstein. He’s tested out the OAuth token used by Pokémon to see what has access to in a Google account, and posted the results on GitHub. Ultimately, what he’s found is that the problem is likely more related to use of an out-of-date API that caused Google to display a message showing it had “full access” to your account, even though the app ultimately does not have permission to access things like your email or calendar even if it wanted to.

We recently discovered that the Pokémon Go account creation process on iOS erroneously requests full access permission for the user’s Google account. However, Pokémon Go only accesses basic Google profile information (specifically, your User ID and email address) and no other Google account information is or has been accessed or collected. Once we became aware of this error, we began working on a client-side fix to request permission for only basic Google profile information, in line with the data that we actually access. Google has verified that no other information has been received or accessed by Pokémon Go or Niantic. Google will soon reduce Pokémon Go’s permission to only the basic profile data that Pokémon Go needs, and users do not need to take any actions themselves.

For more information, please review Niantic’s Privacy Policy here: https://www.nianticlabs.com/privacy/pokemongo/en


Source: Adam Reeve

Engadget RSS Feed

New Google Maps ads will drop branded pins on your search results

Yes, Google builds plenty of useful and fun products, but don’t ever forget — the company is first and foremost an advertising business. As such, today the company is announcing a number of updates to its various advertising products to help brands do a better job at reaching the billion-plus people using Google’s core services like search, Gmail and Maps.

The change that’ll probably be most noticeable to Google’s end users comes to Maps, a particularly valuable product for the company — Google says that nearly a third of all mobile searches are related to specific locations, and lots of those searches likely end up with the user in Google Maps. So now, when you’re looking at Google Maps on your phone, you’ll see the occasional “branded pin.” It’s similar to the red pin that shows up when you do a search, but it contains a brand’s logo right in it. These will show up when you’re looking at a map or looking at the navigation view in Google Maps.

Google is also offering brands and advertisers more customizable product pages within Google Maps itself. If you tab through to an advertising business’s detail page, you’ll be able to search a store’s local inventory or redeem special offers (if the store chooses to offer those options, that is). During a press briefing, we saw a Best Buy that offered 10 percent off iPhone accessories and a Starbucks that offered a dollar off your drink when you tapped through to the specific location details.

Obviously, none of us really want more ads in our products, but it’s an inevitability when dealing with Google. And there are worse things than having the option to save a few bucks if you need to hit a big-box store or chain. Hopefully Google and advertisers will exercise some restraint when using this tool, which will start popping up on iOS and Android over the coming months.

Source: Google

Engadget RSS Feed