Gemini Does the Work for You – But at What Cost?

Google has taken a new step in the integration between artificial intelligence and mobile phones. The company is now launching a beta version of what is called Gemini Agent – a feature that enables the AI assistant to perform multi-step tasks on behalf of the user, without the need to control each individual step oneself. This is reported by TechCrunch.

Specifically, this means Gemini can handle the entire process of ordering food from a delivery service, shopping for groceries, or booking a taxi – from start to finish.

Limited Rollout Initially

The feature is in beta and currently supports only a selection of apps in the food, grocery, and taxi categories. Availability is geographically limited to the USA and South Korea, and the hardware requirement is strict: only Pixel 10, Pixel 10 Pro, and the Samsung Galaxy S26 series are included in the first phase.

According to Google's own descriptions, Gemini runs the necessary apps in a secure, virtual window on the device, so that the AI only has access to the specific apps it needs and not the rest of the phone. The user can monitor progress via notifications and stop the task midway.

Gemini Takes Over Android: Orders Food and Taxis Autonomously

Large Amounts of Data Collected

Behind the convenience lies extensive data collection. Gemini collects conversations – both written and spoken – prompts, generated content, feedback, and device information. These are used to improve Google's services and train machine learning models.

A key point is that Google explicitly states that human reviewers can read, annotate, and process user prompts. Some of these reviewers are not directly employed by Google. Conversations reviewed by humans are stored for up to three years – even if the user deletes their own activity.

Conversations reviewed by human reviewers are stored for up to three years – even if the user deletes their own activity.

When Gemini is connected to apps like Google Workspace, Maps, or Gmail through "personal intelligence" features, large amounts of sensitive user information are centralized. An international AI security report, prepared with contributions from over 100 leading AI researchers, warns that "AI models tend to retain their training data, creating a risk that sensitive personal information could be reproduced."

Gemini Takes Over Android: Orders Food and Taxis Autonomously

Malware Already Exploiting Gemini

Cybersecurity researchers have already documented Android malware – referred to as "PromptSpy" – that actively abuses Gemini's AI capabilities. This malware uses Gemini to analyze user interface elements on the screen and generate step-by-step instructions to achieve persistent access to the device.

The finding illustrates that generative AI on mobile can not only be exploited by the manufacturer but also by malicious actors who adapt their attacks to different device setups and Android versions.

Generative AI on mobile is not just a tool for the user – it can also be hijacked by attackers.

What Can Users Do?

Google offers several controls: users can turn off Gemini Apps Activity, adjust auto-deletion intervals, or manually delete conversation history. It is also possible to disconnect individual apps in the settings.

However, the company explicitly warns against entering sensitive information – such as passwords or payment details – directly into the Gemini chat. For such tasks, users are encouraged to manually take over the browser and enter the data directly on the website.

That such a warning is necessary says something about how deeply these AI agents are now penetrating daily digital life.