On July 7, 2025, Google Gemini app users found themselves at the center of a significant shift in data access protocols. As per updates to the privacy policy announced on June 11, 2025, the app automatically activated permissions to access essential functions on Android devices, including phone calls, messaging services, WhatsApp, and various system utilities. This change, which affects millions of users globally, has raised eyebrows among privacy advocates and legal experts alike.
Summary
Who: Google has rolled out automatic permission activation for its Gemini app, impacting a vast number of Android users worldwide who have the AI assistant installed.
What: The app now has default access to phone functionalities, messaging, WhatsApp, and system utilities, with user data potentially reviewed by humans for AI training under the updated privacy policy.
When: This automatic activation took place on July 7, 2025, following a privacy policy update that expanded data usage permissions for AI development.
Where: The changes affect Android users globally, drawing particular scrutiny from European privacy advocates concerned about compliance with GDPR regulations.
Why: By broadening Gemini’s data access, Google aims to enhance AI capabilities and remain competitive in the digital assistant landscape while also gathering additional user behavior data for machine learning and advertising purposes.
According to the revised privacy policy, user data collected through these services is utilized for AI training and may be reviewed by human reviewers, including service providers. This encompasses all photos uploaded to Gemini and chat conversations with the AI assistant. Notably, the data access remains active even if users had previously disabled “Gemini Apps Activity” prior to the July 7 activation. To regain control, users must navigate to the app’s settings: Gemini App > Profile > Apps, where they can disable permissions for phone, messages, WhatsApp, and system utilities.
Technical implementation details
Google’s privacy documentation reveals that the Gemini app processes information from users’ devices and services to enhance interaction and task completion. This includes accessing dialer functions, call and message logs, contacts, and installed applications to facilitate user engagement. The policy states that human reviewers read and annotate conversations to improve product quality and machine-learning models, with Google asserting that it takes steps to protect user privacy by disconnecting conversations from user accounts before they are reviewed.
While WhatsApp chat content is not directly accessed, the system can initiate actions such as sending messages through the app. However, the policy lacks clarity regarding similar limitations for other messaging platforms or SMS functionalities. Data retention policies differ based on user age and settings, with activity data for users aged 18 and older stored for up to 18 months by default, although users can adjust this retention period.
Privacy compliance concerns
Legal experts have voiced concerns regarding the timing of the implementation and the notification process for users. German privacy attorney Steffen Gross described the move as “bold and brazen,” suggesting that the urgency in the AI race has overshadowed regulatory compliance. The automatic activation of expanded permissions occurs without explicit user consent, leading to questions about adherence to European Union data protection regulations.
The updated privacy policy indicates that Google collects a wide range of user data, including chats, shared files, and feedback from connected apps, raising further concerns about user autonomy and consent.
Marketing industry implications
The expanded data access positions Google to collect more detailed user behavior data, which is invaluable for advertising and AI training. Digital marketing professionals have noted Google’s strategic integration of AI capabilities across its platform, aligning with a broader trend of embedding AI features into existing services without requiring user opt-in. Marketing teams utilizing Android devices for campaign management should reassess their data handling practices, as the expanded access means that conversations and app usage patterns may be subject to human review for AI training purposes.
User control options
Android users retain the ability to disable automatic access through the Gemini app interface. However, the location of these controls has drawn criticism from privacy advocates, who argue that Google has obscured the option to opt-out, necessitating navigation through multiple menu layers. Users can also manage their broader Gemini activity via Google Account settings, allowing them to review and delete past conversations and adjust data retention periods.
Industry response
The automatic permission activation has sparked considerable discussion among technology professionals and privacy advocates. A LinkedIn post detailing the changes garnered over 100 reactions, with many expressing concerns about the lack of user control over AI feature deployment. This situation reflects ongoing tensions within the industry between the demands of AI development and user privacy preferences, as technology companies strive to demonstrate ROI while adhering to regulatory requirements.
Data processing scope
Google’s privacy policy indicates that the data collected supports machine-learning development beyond just the Gemini app. This information is utilized to enhance and personalize Google products and services, including enterprise offerings like Google Cloud. The human review process involves both Google employees and external service providers, with conversations retained for up to three years, even after users delete their Gemini activity.
Global regulatory landscape
The automatic permission activation occurs amidst increasing scrutiny of big tech companies’ data practices. The UK’s Competition and Markets Authority has launched investigations into Google’s market power and data collection methods. European regulators continue to advocate for stronger user control over AI systems and data processing, and the lack of explicit consent for automatic activation may conflict with GDPR requirements.
Technical architecture
The Gemini app’s expanded access leverages Android’s permission system, integrating with core device functions. This includes access to dialer applications, messaging platforms, contact databases, and system utilities through existing Android APIs. The integration also involves Google Assistant functionality for specific actions, although direct app integrations may bypass these controls. The app’s ability to analyze screen content allows it to provide contextual assistance, extending its capabilities beyond traditional voice interactions.
Market positioning
The automatic permission activation enhances Google’s competitive edge against other AI assistants by enabling more personalized responses and predictive assistance. This strategy aligns with industry trends, where data collection for AI training has become standard practice. Marketing professionals should closely monitor how this expanded data collection influences Google’s advertising targeting and user behavior analysis, as the additional context from phone and messaging access may refine audience segmentation and campaign personalization.
Timeline
As the landscape of AI and data privacy continues to evolve, the implications of Google’s latest changes will undoubtedly unfold in the coming months, prompting ongoing discussions about user rights and corporate responsibility in the digital age.
