Discussion: Allow restoring certain permissions for Gemini

bastik77

Hi all,

I've recently tested Google Gemini (formerly Assistant/Bard) on GrapheneOS and ran into a limitation that seems to be intentional by design — but I’d like to open a respectful discussion around it.

🧠 The situation:
After installing Gemini via sandboxed Play Store, everything works initially:

Microphone input works

The app launches and can receive voice input

The assistant functions (minus hotword etc.)

However, after every reboot, the microphone stops working and the Assistant integration vanishes. Even if all the required permissions were previously granted via ADB:

adb shell pm grant com.google.android.apps.bard android.permission.RECORD_AUDIO
adb shell appops set com.google.android.apps.bard SYSTEM_ALERT_WINDOW allow
…they must be manually re-applied each time. Launching the app alone is not enough — microphone input stays broken until those ADB commands are run again.

🔐 Yes, I understand:
This is GrapheneOS's expected behavior and likely by design:

No privileged service binding (e.g. VoiceInteractionService)

No persistent assistant setting

No background microphone or hotword support

Sandboxed apps cannot receive system-level integration

That’s totally understandable from a security perspective.

⚠️ However — a possible problem:
Right now, users are stuck in an awkward situation:

You can use Gemini, but only if you're willing to connect the phone to a PC after every reboot to re-grant essential permissions via ADB.

No app on the device itself can re-grant them, not even via scripting (e.g. Termux, MacroDroid).

No semi-automated fallback exists.

This makes practical use of voice-enabled apps like Gemini a showstopper, even if the user accepts the security tradeoff and is willing to re-enable them manually after reboot.

💡 Discussion & Possible Feature Request:
Would it be possible to add a secure, user-triggered mechanism to restore app-granted permissions after boot, without ADB and without root?

Some ideas:

A trusted UI inside Settings that shows "Apps with volatile permissions" and lets users reapply them manually.

A controlled startup hook that allows user-approved scripts (like Tasker/MacroDroid) to re-request permissions — without background execution or automation.

At least, an opt-in setting to retain permissions like RECORD_AUDIO for sandboxed Play apps the user explicitly allowed before reboot.

Byku

Something strange is going on here. VoiceIntegrationService should bind when you set an app as your assistant. You say it loses microphone permission and is no longer in the assistant slot? I might have misunderstood what you wrote. What functions are missing after reboot? You can automate running shell scripts using the automation apps with Shizuku rish, but I'm not sure this is needed here. People here have used Gemini before.

bastik77

I had freshly installed Gemini and set it as the Assistant, and everything worked as expected at first.
Launching it via the Home button worked, and the microphone was active.

However, after a reboot, nothing worked anymore.
The Assistant setting was still correctly selected, and switching back and forth between assistants didn’t help either.
Only running the ADB commands to re-grant the permissions made it work again.

Google Pixel 9