At the CPFP conference last week I learned that the European Commission wants to impose interoperability requirements on Android, to allow third party AI services the same unrestricted access to an Android smartphone as Google’s own Gemini AI agent has. This is a bad idea.
The Commission proposes, among other things, the following requirements on Android.
Third party AI services must be invocable through their own customised wake word, or through the system-wide access point in the user interface, like a long press on button or a certain swipe action.
Third party AI services should be able to access the data other installed apps store on-device. They should also have access to the microphone and other sensors, as well as the display surface.
Third party AI services should be able to autonomously control the apps installed on a user device, and the settings of the operating system. This ensures that AI-powered services can integrate with the applications on the user’s device and perform tasks within these applications.
Third party AI services should have the same access to processing and storage resources as Gemini has, to allow them to execute tasks with high levels of performance, availability and responsiveness.
The idea of this proposals is to ensure that third party AI services do not have a disadvantage compared to Google’s own Gemini model that has all these special features on Android. This is very understandable.
The issue was raised by Gary Davis from Apple in a panel on “The role of operating systems in trusted AI”. Now I am generally sceptical of the interoperability-hurts-privacy-and/or-security trope incumbents like Apple like to spread. But clearly offering applications unfettered access to system and app resources creates all kinds of security and privacy risks. Which is exactly why many have pushed for a fine grained permission model on operating systems like Android and iOS.
In other words: the fact that Google offers its own Gemini such unrestricted access to system and app resources should not imply that other third party AI services should enjoy the same privileges. Instead, the commission should forbid even Google’s own Gemini to have such privileged access.