AN ASSISTED VISUAL AID TO KNOWLEDGE

UNRAVELLING THE CASE OF ALLO, TOGETHER.

CREATED BY;
Jagdeesh J
For MBIS622T4

CASE TRANSPARENCY

The Big question?

Census Infographics

Googles Allo: The end of Privacy

Method to Madness

Extended Arm of Surveillance

When Information Security Policies Fail

Leave with the satisfaction of curiosity instilled

THE BIG QUESTION?

WHAT ARE YOU WILLING TO TRADE OFF FOR YOUR PRIVACY IN TODAYS WORLD?

Nothing? Thought so. Here are some statistics to help you rethink your answer;

Source: Symantec Corporation

 Manual sharing dominates social media scams, though it declined 8.2 percentage points in
September 2016 to 75.27 percent.

In contrast, Fake Offers increased 5.11 percentage points during the month of September, up
from 11.51 percent in August 2016 to 16.62 percent.

There were no new Android malware families discovered in September 2016.

The number of Android variants per family increased, reaching 56 in September 2016,
indicating that attackers could be finding success with existing Android families, as opposed to
creating new ones.

https://www.symantec.com/content/dam/symantec/docs/infographics/istr-reportingbreaches-or-not-en.pdf

https://www.symantec.com/security_response/publications/monthlythreatreport.jsp

Source: Symantec Corporation

Census Infographics Watch Closely

Most Popular Chat applications.

Population Statistics.

https://www.statista.com/statistics/216573/worldwide-market-share-of-search-engines/

Widely Used Chat Applications.

How critical has Google become?

Device Usage Statistics.

Internet Subscribers Statistics

Source: Statista 2016

A Pattern Appears.

Source: Wpd.org

Googles Allo: The End Of Privacy

Googles new Instant Messaging Client.

Googles Duo is a Video Calling-only Application launched ahead of Allo.
Single Device Limited Connectivity Use-case.
No Desktop or tablet support.
Does not require a google account.
No need for SMS protocols.

In a nutshell, Allo had a curiously incomplete product launch without fulfilling much of the
promises of a chat application of todays age.

The app had initially been announced in Google I/O with a security policy that would retain
user content (text and media) temporarily for improving quality of service purposes.

 Interestingly, before the apps launch, this policy was changed to retain user content
indefinitely.

Allos limitations are a deal breaker for hyper-connected developed countries.

All of these odd designs decisions and ad-hoc feature changes makes sense when we focus on
Googles target market: Developing Countries.

Focus on population base and device usage statistics provide a concrete indication towards
China and India.

China is first with 1.38 billion people; India is second with 1.32 billion people; and the United
States is third, with 324 million people.

China with its stringent policies and censorship mandates proves to be an unfavourable base
for Google to amass a vast user base.

Method To Madness
Plenty of Google projects targeted at India.
Allo and Duo would be "companion" apps, and users that want a typical instant messaging
feature set would have to download both.

Whatsapp remains as the dominant form of communication in India, capturing 69 percent of

Indian Internet users in Q4 2014, according to Statista.

Acquire Whatsapps user base with a Video calling application which whatsapp does not
provide.

In India, the dominant computing devicenow and in the futureis the smartphone.
Ease of Transition: Message Preview Notification & iMessage Reply
According to data from Dutch research firm TNS Infratest, March 2015 PC usage in the US
and UK were both around 75 percent. PC usage in India, by contrast, is at only 15 percent of
adults for the same period.

 According to the survey, smartphones achieve 33 percent usage by adults in

India.

Allo doesn't work on your PC, but that doesn't matter if Google is targeting
India, where fewer people use PCs.

From the statistics, March 2015, the US and UK both average around
3.3 connected devices per adult. In India, the country only averages 0.8
connected devices per adult.

Fifty-one percent of the UK adult population and 39 percent of the US adult

population use a tablet. In India, only 4.8 percent of adults have a tablet.

Both these trends perfectly fit Allos design traits and sets a clear
precedence.

Allo and Duo's SMS-based setup process is simpler than making a Google
account.

Allo will have no highly connected alternative and will be Googles only
consumer-facing Instant Messenger App.

EXTENDED ARM OF SURVEILLANCE

Allo features Googles Assistant, an AI-powered tool that can offer various in-chat features.

Google needs to be able to read your chats with your friends to provide such features.
The chats arent end-to-end encrypted, and that people could ultimately spy on you.
This policy shift by Google will enable law enforcement agencies explicit access to user
information and content.

Allos Information security policy is a black and white example of surveillance endorsement
which is an imminent information and personnel threat.

Daniel Nesbitt, research director at Big Brother Watch, says "It's important that citizens are
given enough information about what will happen to their data for them make an informed
choice about whether or not they want to use this service. This includes who may be able to
access it and where the data will be stored".

 Allo's assistant feature also requires certain

permissions to work, which users may not be entirely
comfortable granting.

A Google engineer Thai Duong, tried to explain why

end-to-end encryption was not enabled by default
and allay privacy fears around the app.

Renowned NSA Whistle-blower, Edward Snowden had

a few insights on the Google Allo case.

Soon after the google engineer modified his initial

blog post;

WHEN INFORMATION SECURITY POLICIES FAIL

This case is not a post-mortem analysis of what went wrong. Rather a case
unfolding right in front of us that could lead to one or all of the below issues.

Sensitive information divulgence and notorious identity/personnel exposition.

Would invite man-in-the-middle attacks which would leave the users
vulnerable.

Furthermore, on a constitutional level, permanent storage of user content and

sensitive information would be a breach of individual rights.

THANK YOU FOR YOUR TIME.

DONT FORGET TO READ THE EULA BEFORE ACCEPTING!

Question Time! May Be Some Answers Too