Google Allo Bug Leaks Your Search History To Your Recipients

A bug in Google Allo can reveal your search history to your recipients, Recode's Tess Townsend uncovered. The issue is not only connected to Google Allo but also the Google Assistant that the company recently started rolling out to more users. The fully fledged version of the Google Assistant can be activated during any conversation in Google Allo, which is what's probably causing the bug that's raising some major privacy-related concerns.

As it turns out, the Google Assistant may share your search history with your recipients in Google Allo in case it doesn't fully understand a query and tries to answer it with some of your previous inquiries. In this particular scenario, one user asked the Google Assistant to start identifying itself as a bot in the future, to which the voice-enabled companion answered with a link to Pottermore, a Harry Potter fansite. The link in question led to some passages from Harry Potter and the Order of the Phoenix, and while it may seem unrelated to the command given to the Google Assistant, the AI companion didn't provide it at random. Instead, the link was pulled from their search history as they later revealed that they were looking at that particular page several days prior to the conversation which uncovered the bug. The Google Assistant posted that link automatically and both participants were able to see it. A screenshot of the conversation that led to this discovery can be seen below.

While the Mountain View-based tech giant added some privacy mechanisms to its voice-enabled digital helper that were meant to prevent this type of situations from happening, they obviously aren't perfect and are still prone to lapses. Another screenshot in the gallery below shows how the Google Assistant is supposed to handle potentially sensitive information that users ask it to share in a conversation with another party. When asked about the name of its owner, the companion responds with a question regarding whether it's allowed to share that information in a conversation and only does so when given explicit permission. It's unclear why the Google Assistant didn't ask the same thing before sharing a part of a user's search history in the aforementioned example and why it displayed identical behavior when asked about its owner's workplace address, but hopefully Google sheds some light on this issue soon.

You May Like These
More Like This:
About the Author
2018/10/2018-10-23.jpg

Dominik Bosnjak

Head Editor
Dominik started at AndroidHeadlines in 2016 and is the Head Editor of the site today. He’s approaching his first full decade in the media industry, with his background being primarily in technology, gaming, and entertainment. These days, his focus is more on the political side of the tech game, as well as data privacy issues, with him looking at both of those through the prism of Android. Contact him at [email protected]
Android Headlines We Are Hiring Apply Now