Google has quietly switched on default access for its Gemini AI to interact with apps like WhatsApp, even if you previously told it not to.
Android users began receiving emails last week alerting them that Gemini now has broader access to their phones. As of 9 July, the AI assistant can read and act on commands involving third-party apps, including messaging services.
“We’ve made it easier for Gemini to interact with your device,” the email read. “We’re updating how Gemini interacts with some of the apps on your Android device.”
It went on: “Gemini will soon be able to help you use your Phone, Messages, WhatsApp, and utilities on your phone, whether your Gemini Apps Activity is on or off.”
That last part raised eyebrows. Because it means Gemini can operate even if you’ve opted out of activity tracking.
This “Weakens Android’s Security Model”
Dray Agha, senior manager of security operations at Huntress, said, “This default ‘App Content’ permission fundamentally weakens Android’s security model. Granting Gemini broad access to third-party app data without explicit user consent creates a high-risk attack surface. If compromised in any way, malicious actors could exploit this pathway to harvest sensitive information, ranging from banking details to private messages.”
From the Gemini support page: “Even when Gemini Apps Activity is off, your conversations will be saved with your account for up to 72 hours to allow Google to provide the service and process any feedback.”
Google insists the AI doesn’t read your WhatsApp messages or look at your images. Instead, it says Gemini “may support some of these actions with help from Google Assistant or the Utilities app, even with WhatsApp disabled in Gemini.”
Still, the lines are blurry. Gemini’s capabilities rely on cloud processing. That means any interaction with your apps, even simple ones like “Send a WhatsApp to Jane,” is routed through Google’s servers. According to secure email provider Tuta, this architecture opens the door to a level of data sharing many users may not expect.
Attackers Will Target Gemini First
Muhammad Yahya Patel, Global Security Evangelist & Advisor, Office of the CTO at Check Point Software, says: “Attackers are likely to target Gemini first, as compromising it could serve as a gateway to access other applications and services on a mobile device.”
Patel adds that overly permissive functions may allow Gemini to carry out actions that users are either unaware of or did not explicitly approve. “There’s also a risk that Gemini could begin using personal data to profile users for information-gathering purposes. The potential for access to sensitive data is a significant concern; mobile devices are rich sources of personal information that users highly value. Additionally, app metadata may be collected and fed into the model without clear transparency. We can also expect to see a rise in malicious apps masquerading as enhancements to Gemini.”
Buried in the Support Pages
And there’s another caveat. To improve the service, Google states that “human reviewers (including service providers) read, annotate, and process your Gemini Apps conversations.” It adds: “Please don’t enter confidential information in your conversations or any data you wouldn’t want a reviewer to see or Google to use to improve our products, services, and machine-learning technologies.”
That line, buried in the support pages, may not be front of mind for users casually interacting with the chatbot.
Gemini isn’t being force-installed, yet. If you’ve deleted the app or chosen not to integrate it with your phone, it won’t be automatically added after 7 July.
But for those who do use it, the update changes the rules. Previously, turning off Gemini Apps Activity was enough to limit access. Now, the assistant can still run interactions, store chats, and connect with apps like WhatsApp by default.
As Google puts it: “Your Gemini mobile app gives you direct access to Google’s best family of AI models on your device.”
A Complicated Reality
The reality is more complicated. That “direct access” comes with a layer of human review, background storage, and shifting defaults.
For users concerned about privacy, it’s not just about what Gemini can do. It’s about what it does by default, and whether you were told clearly enough to make a real choice.
Agha has he final word: “Google must prioritise user-controlled opt-*in* permissions, not opt-out mechanisms buried in settings. While users should immediately revoke Gemini’s ‘App Content’ access in Android settings, this is a stopgap, not a solution.”
The burden to secure devices shouldn’t fall solely on consumers, Agha adds. “Google must redesign this feature to enforce strict least-privilege access by default. Until then, we recommend disabling app-linked AI integrations entirely for enterprise environments or high-risk users. Proactive defence is critical when defaults favour convenience over security.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.