Google Assistant In Allo Revealed Your Search History In a Conversation Without Your Permission, Now Patched

Google Assistant In Allo Revealed Your Search History In a Conversation Without Your Permission, Now Patched

We may earn a commission for purchases made using our links.

A recently discovered flaw in the Google Allo messaging application has raised concerns over users’ privacy. According to a report from Recode, Google Assistant in Allo can reveal your Google search history details without your permission while in the middle of a conversation.

Before Google Assistant started rolling out to all devices running Android 6.0+, using Google Allo was the only way to access Assistant on non-Pixel (and non-rooted) devices. While not as powerful as the voice-based Google Assistant, Allo’s Assistant can perform many useful conversational tasks such as suggesting the best restaurants around you, setting reminders, giving you weather updates and more thanks to Google’s AI.

As discovered by Recode‘s Tess Townsend while testing the application with her friend, when the friend asked Assistant to identify itself, instead of answering the question, the Assistant responded with a search result containing a link to a Harry Potter fan site called Pottermore. The search result that Assistant brought up in the conversation was actually from a search query that the friend had made a few days earlier. Now, many of you probably have experienced the Assistant in Allo sometimes respond with unrelated answers or respond to an earlier question, but this time the situation is different. As you can see in the screenshot of their conversation below, the friend had simply asked the Assistant to identify itself, but Assistant somehow decided to bring up the search result regarding Harry Potter and The Order of The Phoenix.

Interestingly, neither Ms. Townsend nor her friend had mentioned anything related to Harry Potter in the chat until Allo brought it up. Assistant is supposed to ask for permission while dealing with data which may include personal information, but in this case, the Assistant didn’t ask for permission before sharing information about Harry Potter.

After disclosing this flaw publicly, Google has confirmed to Recode that they have fixed the flaw:

 “We were notified about the Assistant in group chats not working as intended. We’ve fixed the issue and appreciate the report.”

Source: Recode