Google Gemini "Evil Twin" update lets Android AI interact with sensitive apps

Controversial and ever-so-slightly creepy new Android feature is enabled by default and gives Google's AI access to apps including WhatsApp.

Google Gemini "Evil Twin" update lets Android AI interact with sensitive apps

Security professionals have slammed Google after it issued an update that lets Gemini interact with apps and overrides users' previous privacy decisions - a move that has sparked fears the AI could potentially access sensitive data.

Last week, Google emailed Android users to inform them that its AI model is now capable of interacting with third-party applications. This feature will be switched on by default, raising questions about whether it can read WhatsApp messages or other private information.

The model was previously capable of performing similar tasks through a feature called Gemini Apps Activity, which could be easily switched off. This feature saved details of its app interactions and collected data that Google uses to improve its products and train AI models.

Now Gemini can access applications even when users do not activate the Apps Activity feature, which we've dubbed "Evil Twin". It's been claimed that the controversial functionality can only be turned off by disabling Gemini itself, although this point is unclear.

Google has previously admitted that conversations with Gemini Apps can be handed to "human reviewers (including service providers)" to "read, annotate and process".

A letter from Mountain View

The email Google sent to users said: "We’ve made it easier for Gemini to interact with your device. We’re updating how Gemini interacts with some of the apps on your Android device.

"Gemini will soon be able to help you use your Phone, Messages, WhatsApp, and utilities on your phone, whether your Gemini Apps Activity is on or off."

Google claimed the update is "good news" because people can ask Gemini to perform simple tasks like sending messages or setting alarms.

Machine is generally unbiased and neutral in all things. But when it comes to smartphones, we'd rather be roasted alive in a brazen bull than use an Android device. So forgive us for a little ignorance around all things Android.

Our understanding is that users can switch off Gemini Apps Activity so that future conversations with the AI assistant will not be reviewed by human annotators or used to train machine-learning models - unless users explicitly choose to send feedback.

However, chats may still be stored in a user’s account for up to 72 hours, regardless of whether the setting is enabled or not. This short-term retention is used to deliver services, ensure safety and security, and process any user-provided feedback.

READ MORE: Google Willow sparks "quantum apocalypse" crypto flash crash panic

Users can manage which apps are connected to Gemini through a dedicated settings page at gemini.google.com/apps or via the Gemini settings menu. If access to specific apps is disabled, Google states that Gemini will not be able to pull data from those services, regardless of the Apps Activity setting.

Frankly, the whole thing is dreadfully unclear, so you'd be forgiven for being confused.

In a statement sent to Machine, a Google spokesperson said: "This update is good for users: they can now use Gemini to complete daily tasks on their mobile devices like send messages, initiate phone calls, and set timers while Gemini Apps Activity is turned off.

"With Gemini Apps Activity turned off, their Gemini chats are not being reviewed or used to improve our AI models."

What are the security application of the Google update?

As news of the update broke, security leaders issued stern warnings about its potential impact.

Dray Agha, senior manager of security operations at Huntress, said, "This default 'App Content' permission fundamentally weakens Android’s security model. Granting Gemini broad access to third-party app data without explicit user consent creates a high-risk attack surface. If compromised in any way, malicious actors could exploit this pathway to harvest sensitive information, ranging from banking details to private messages.

Agha advised: "Google must prioritise user-controlled opt-in permissions, not opt-out mechanisms buried in settings. While users should immediately revoke Gemini’s 'App Content' access in Android settings, this is a stopgap, not a solution. The burden to secure devices shouldn’t fall solely on consumers. Google must redesign this feature to enforce strict least-privilege access by default.

"Until then, we recommend disabling app-linked AI integrations entirely for enterprise environments or high-risk users. Proactive defence is critical when defaults favour convenience over security."

READ MORE: Is this Google and Apptronik's vision of the robot takeover?

 Muhammad Yahya Patel, Global Security Evangelist & Advisor, Office of the CTO at Check Point Software, added: "Attackers are likely to target Gemini first, as compromising it could serve as a gateway to access other applications and services on a mobile device. Overly permissive functions may allow Gemini to carry out actions that users are either unaware of or did not explicitly approve.

"There’s also a risk that Gemini could begin using personal data to profile users for information-gathering purposes. The potential for access to sensitive data is a significant concern; mobile devices are rich sources of personal information that users highly value. Additionally, app metadata may be collected and fed into the model without clear transparency. We can also expect to see a rise in malicious apps masquerading as enhancements to Gemini."

Do you have a story or insights to share? Get in touch and let us know. 

Follow Machine on XBlueSky and LinkedIn