Your Android Phone's Dirty Little Secret - Gemini


You know that moment when you're careful about app permissions? When you go into Settings, find that sketchy app, and revoke its access to your camera, location, or files? You feel good about it. You're in control, right?

Yeah, about that.

I've been using Google Gemini since it launched. I gave it access to pretty much everything - camera, files, location, the works. Recently, I decided to clean things up. Went into Android settings, revoked all of Gemini's permissions, deleted the app, and reinstalled it fresh.

Guess what? Gemini still had access to everything.

Wait, How Is That Even Possible?

Here's the thing most people don't know: Gemini doesn't actually need your permission if you've already given it to the Google app.

Think about it. The Google app comes pre-installed on almost every Android phone. During setup, you probably granted it a bunch of permissions without thinking twice. Camera, microphone, location, files - whatever it asked for, you said yes because it's Google and you need it to work.

Gemini just... uses those permissions. Like a roommate who takes your Netflix login without asking.

The Google app and Gemini are separate apps in your phone's app list. They show up as two different entries with two different permission screens. But when you revoke Gemini's permissions, nothing actually happens. It keeps accessing your stuff through the Google app's permissions, and Android doesn't stop it or even tell you it's happening.

But Isn't That Against Android's Rules?

Yes. Completely.

Google's own documentation is crystal clear about this. It's called the "Application Sandbox" - every app is supposed to be isolated from every other app. Permissions are app-based, not developer-based.

Here's how it's supposed to work: If you give Facebook access to your camera, Instagram can't automatically use it too. Even though Meta owns both apps, Instagram has to ask you separately. That's the rule.

Gemini breaks that rule.

According to Android's permission documentation, when you uninstall an app, all its permissions are revoked. When you reinstall it, it must ask again. Gemini doesn't. It just quietly inherits whatever the Google app already has.

References & Documentation

Google's own admission (that nobody reads):
๐Ÿ“„ How Gemini manages mobile permissions - Buried in the documentation, Google quietly explains that Gemini uses Google app permissions. Most users will never see this.

Android's official security policies:

๐Ÿ“„ Android Application Sandbox - "The Android platform uses the Linux user-based protection model to isolate app resources... This isolates apps from each other and protects apps and the system from malicious apps."

๐Ÿ“„ Request App Permissions - "Beginning with Android 6.0 (API level 23), users grant permissions to apps while the app is running, not when they install the app... The user can grant or deny each permission."

๐Ÿ“„ Google Play Policy on Permissions - "You should only request permissions that are necessary to implement critical features of your app... You may not use permissions to undisclosed or unimplemented features."

This article is written simply to help people better understand how app permissions work in practice, particularly in the case of Google and Gemini. Many users reasonably assume that removing permissions from an app or reinstalling it resets its access, but that isn’t always how things function behind the scenes. By sharing this, my goal is only to increase awareness so users can make more informed decisions about the permissions they grant and how different apps may rely on shared system access. Understanding these details allows people to use their devices with clearer expectations and greater confidence.

Comments

Post a Comment

Popular posts from this blog

When an AI Search Engine Forgot Who It Was: A Bug Report That Changed Perplexity AI’s Identity

Image
Affected Feature Perplexity AI's conversational response system across both Chrome extension and mobile app. When users ask comparative questions about Perplexity itself, the system should respond from its own identity as a search engine. How to Reproduce Open Perplexity AI (Chrome extension or mobile app) Ask: "Are you better than Google?" The response compares ChatGPT to Google instead of Perplexity to Google Perplexity acts like it's ChatGPT, completely ignoring its own identity as a search engine Same bug happened on both the extension and app - identical confused responses about ChatGPT vs Google. Impact This is a product logic bug that creates an identity crisis. Users asking about Perplexity get answers about ChatGPT, making them think Perplexity is just a ChatGPT wrapper instead of its own search engine. The LLM powering Perplexity couldn't recognize that "you" in the question meant Perplexity itself. It associated "better than Google...
Read more

Understanding Android’s One-Time Permissions and Their Privacy Implications

Image
You know that moment when you carefully set an app's permissions to "Ask every time"? When you go into Settings, find that app, and make sure it only gets access to your microphone or camera when you explicitly allow it? You feel good about it. You're in control, right? Yeah, about that. I've been testing Android's one-time permission system, particularly with apps like WhatsApp. I set the microphone permission to "Ask every time" because I wanted tight control over when the app could listen. But what I discovered was something that doesn't quite match what Android's documentation promises. Guess what? There's a gap. A small one, but it matters. Wait, How Does This Work? Here's the thing most people don't know: when you close an app after granting one-time permission, Android doesn't always revoke it instantly. Think about it. You finish a WhatsApp call, swipe the app away from your recent apps, and assume that's it...
Read more