Google Gemini Android vulnerability allowing malicious notifications to manipulate AI assistant actions

Security researchers discovered a vulnerability that allowed malicious notifications from apps like WhatsApp, Slack, Signal, Instagram, and SMS to manipulate Google Gemini on Android devices. Attackers could trick the AI assistant into performing actions such as opening apps, launching meetings, controlling smart devices, or even storing false information in Gemini’s long-term memory.

Google Gemini Android vulnerability allowing malicious notifications to manipulate AI assistant actionsGoogle Gemini Android vulnerability allowing malicious notifications to manipulate AI assistant actions

The attack required no malicious app installation. Instead, specially crafted notifications were treated as trusted context by Gemini, enabling prompt injection attacks. Researchers demonstrated scenarios where Gemini could fake messages from trusted contacts, trigger app actions, and execute commands after receiving user approval through deceptive prompts.

Google has since patched the issue through a server-side update, and there is no evidence of active exploitation. The incident highlights the growing security risks associated with AI assistants and the importance of securing notification-based interactions on smart devices.


NPAV offers a robust solution to combat cyber fraud. Protect yourself with our top-tier security product, FraudProtector.net