Skip to main content
CybersecurityHacking

EU Orders Google to Open Android to Rival AI Assistants

Smartphone on a neutral surface with blurred background and abstract screen pattern.

"It threatens device security by granting external apps sensitive and powerful device permissions," said Kent Walker, Google's president of global affairs, responding to a European Commission order that will force Google to give rival AI assistants broad access to Android sensors and system features.

The Commission's concrete orders and the timetable

On 16 July the European Commission adopted two binding specification decisions under the Digital Markets Act. One compels Google to grant third‑party AI assistants on Android the same sensor and system-level access that Gemini already enjoys: camera, microphone, screen contents, a wake word usable with the display off, and the ability to operate other apps in the background by simulating taps and typing. Google must implement these changes in its next major release, Android 18, with a deadline no later than 1 August 2027.

The second decision requires Google to supply anonymised Search query, click and ranking data to rival search engines and AI chatbots that perform search, for a cost‑based fee. Neither decision is a fine; both are specifications that gatekeepers must build under the DMA. Android runs on roughly 60% of European mobile devices, making the rulings operationally significant across the EU.

Which Android features are opened, which can be gated

The Android measures cover 11 operating‑system features. Five are designated "restricted features" that may require certification: centralised access to on‑device opt‑in data (today AppSearch); context‑aware intelligence (the always‑on machinery behind features like Magic Cue); structured on‑device integration (App Actions and App Functions); screen automation (Android's Computer Control); and system integration including settings, media, screenshots, notifications and power.

Paragraph 55 of the decision explicitly targets Google’s own apps: a certified assistant may retrieve and draft Gmail, create and manage Calendar events, pull content from Drive and Docs, trigger Maps navigation, control YouTube playback and query watch history, read and write SMS/MMS/RCS in Messages, and place phone calls.

Six other features carry no certification requirement: ambient data (microphone, system audio, camera, screen contents, location and sensors), always‑on hotword detection (low‑power DSP capable of working with a locked screen), long‑press invocation, system‑level on‑device models, third‑party model implementation, and background execution. Paragraph 119 opens these to all third parties, including user‑installed apps, and bars Google from restricting the type or use case of the app that calls them.

The Qualified AI Assistant Programme and certification mechanics

For the five gated features Google must create a Qualified AI Assistant Programme. Third‑party Trusted Certification Authorities (TCAs) can certify assistants free of charge; Google must accept those certifications without additional conditions and may not revoke them. Google will set the TCA programme terms and decide who may act as a certifier, but those terms must be reasonable, non‑discriminatory and cleared with the Commission two months before any change.

The certification bar is capped: Google may test whether an assistant reconfirms user intent before sensitive or irreversible actions, whether it minimises inadvertent data disclosure, whether it meets baseline mobile app security, and whether it is hardened against agentic risks. Anything beyond those limits requires prior Commission approval. Suspension of a certified assistant is allowed only on the basis of a consistent body of evidence of practices causing severe and immediate harm, shared with the Commission and TCAs; appeals must be decided within a month. Draft programme terms are due 1 February 2027, with final terms and open applications by 1 May 2027.

Search dataset: anonymisation, eligibility and timing

The Search dataset's anonymisation method runs three passes: strip direct identifiers and stitchable attributes (usernames, IPs, precise timestamps, input format); suppress records that contain rare identifying terms (full names, passwords, street addresses, bank account numbers) or unusually long queries; and generalise metadata until every user falls into a group of at least 1,000 sharing location, device type and query language, with 95% of users in groups of 29,000 or more.

Recipients must average 50,000 monthly EU users over the past year, cannot be sanctioned, and cannot be controlled by countries the EU treats as posing "serious and structural cybersecurity or data protection risk." Data will arrive at least seven days stale and is cut off after five years per beneficiary. Google must publish an eligibility form and beneficiary webpage by end‑August, deliver the finished dataset by November, and publish pricing by January 2027.

What this means for technologists, policymakers, and end users

  • Technologists and security teams: The measures force new attack‑surface considerations. The decision explicitly allows third‑party assistants to read notifications, SMS and screen contents — inputs that enabled the SafeBreach prompt‑injection case that hijacked Gemini's Android Utilities agent. Input risk is now a certification test item; Google writes that test.
  • Policymakers and regulators: The Commission preserved its enforcement powers beyond these specifications. It also tightened constraints: Google may not impose higher integrity requirements on third parties than it applies to itself, and must retain verifiable evidence justifying any integrity measure.
  • End users and app developers: By August 2027 a certified assistant, or an uncertified assistant a user explicitly allows, can open apps on a virtual display, read their screen and act on their behalf while the user does something else. Apps can implement blocks for sensitive views only if they wire those protections before the Android 18 beta; broader blocking options exist only if Google chooses to build them.

The immediate next steps are logistical and legal: Google must publish draft programme terms on 1 February 2027 and final terms on 1 May 2027, while implementing Android 18 by 1 August 2027. The Commission tightened a draft that originally lacked certification and many safeguards; whether Google will accept the operational consequences or mount further legal or technical challenges remains to be seen.

Original story — The Hacker News