Gemma 4 Phones Boost Privacy, Expand Attack Surface

Hot take: local inference reduces cloud exposure, but it is not a security free pass. Once a model can run on-device and act through tools, the trust boundary shifts from the provider’s datacenter to the phone, app sandbox, and runtime.

• –Less cloud leakage is real: private prompts, media, and transcripts can stay on-device instead of being sent upstream.
• –New integrity risks appear: weights, prompts, and agent logic now live closer to user-controlled environments, which makes tampering and reverse engineering more relevant.
• –Prompt injection and malicious inputs still matter: an on-device agent can be tricked just as easily as a cloud agent, and offline execution can make bad actions happen faster.
• –Tool use is the biggest risk multiplier: once the model can message, call APIs, summarize sensitive data, or trigger device actions, permissioning and sandboxing matter more than raw model privacy.
• –Security depends on the whole stack: OS hardening, app isolation, signed model updates, local storage protections, and auditability matter as much as the model itself.
• –Net: local is usually better for privacy, but not automatically safer overall. It trades third-party data exposure for a larger device-side attack surface.