Google’s mobile messaging app Allo can reveal your Google search history to people you message, which could have big privacy implications. The behavior appears to be a glitch.
I noticed the problem in a recent conversation with a friend, in which I was testing the app. Allo includes Google Assistant, the company’s latest version of its virtual assistant software.
Google recently announced plans to make Assistant available on Android phones. The feature has been available on Google’s own Pixel phone and Google Home, its competitor to Amazon’s wildly successful Echo.
A unique feature of Allo is that you can use Assistant while in the middle of a conversation with a friend. You could, for example, ask Assistant to search for restaurants in a certain area, while you’re talking to a friend about where to eat.
But Assistant isn’t perfect, and sometimes it responds with answers unrelated to questions at hand, or it will respond with an answer to an earlier question — and it’s then that it can inadvertently reveal a previous search query.
In the middle of our conversation, my friend directed Assistant to identify itself. Instead of offering a name or a pithy retort, it responded with a link from Harry Potter fan website Pottermore. The link led to an extract from “Harry Potter and the Order of the Phoenix,” the fifth book in J.K. Rowling’s Harry Potter series.
But the response was not merely a non sequitur. It was a result related to previous searches my friend said he had done a few days earlier.
It didn’t come from any of my search history, since I had not viewed any Harry Potter-related websites in the days before our conversation. We also did not mention Harry Potter in our text exchange until Assistant brought it up.
Here’s a screenshot of the exchange:
Fortunately, in this case, it was just Harry Potter stuff. But you can imagine how uncomfortable it could be if something more sensitive popped up.
It appears to be a potentially damaging glitch, since it could become a major privacy issue for anyone using the app. Already, Allo has been criticized by privacy advocates because it does not use end-to-end encryption by default. Messages sent in default modes are accessible to law enforcement agencies by warrant, according to The Verge.
Update: Google responded to our story: “We were notified about the Assistant in group chats not working as intended. We've fixed the issue and appreciate the report.”
Assistant tries to safeguard against sharing private information in Allo. For example, when you ask for your own personal information in a conversation including another user, it may ask permission to share your information. But this safeguard is inconsistent.
When I asked “What is my job?” in my conversation with my friend, Assistant responded by sharing a Google Maps image showing the address at which I used to work — the address of a co-working space, not the publicly listed address of my previous employer. Google had the address on file because I had included it in my personal Google Maps settings. It did not ask my permission to share that.
Later in the same conversation, when I asked Assistant, “What is my name?”, the bot responded by asking me privately, “Can I share this?”
It’s unclear what caused Assistant’s behavior in the conversation with my friend, or whether that was a rare, isolated case. Whatever the problem is, it could have implications beyond Allo, as Google adds bots in other chat settings. For example, the company announced recently that it was introducing a bot, @meet, to its new Hangouts Chat app for G Suite customers.
The @meet bot compares Google calendar schedules to find a time for users to meet. This use doesn’t seem likely to reveal private information. However, there could be reason to be concerned if @meet starts sharing details about colleagues’ schedules that might be private, or if Google adds other bots with other capabilities to messaging apps.
Update: Google responded that Hangouts and @meet are not related to Assistant in Allo.
This article originally appeared on Recode.net.