AI integration is rapidly becoming a part of everyday life, appearing in phones, apps, search engines, and even drive-throughs. With the introduction of web browsers featuring built-in AI assistants and chatbots, the way people access and consume information has changed dramatically. However, alongside these advancements, AI tools are increasingly requesting broad access to personal data under the pretext of improving functionality — a practice that raises serious privacy concerns.
In earlier years, users were cautious when free apps like flashlights or calculators requested unnecessary access to contacts, photos, and real-time location. These requests were often driven by the opportunity to monetize personal data rather than to enable core functions. The pattern is repeating itself in the AI space.
Perplexity’s AI-powered browser, Comet, serves as a recent example. Designed to help users find answers and automate tasks like summarizing emails and calendar events, Comet asks for wide-ranging permissions when linked to a Google Calendar. These include the ability to manage drafts and send emails, download contacts, view and edit all calendar events, and even copy a company’s entire employee directory. While Perplexity states that much of this information is stored locally on a device, users are still granting the company the right to access and use this data, including for the improvement of its AI models.
Perplexity is not alone. Many AI-powered apps offer convenience features such as transcribing calls or meetings but require access to private conversations, calendars, and contacts to operate. Meta has also tested AI features capable of accessing unuploaded photos stored on a device’s camera roll, further blurring the lines between functionality and intrusion.
Signal president Meredith Whittaker compared AI assistants to “putting your brain in a jar,” pointing out that while these tools can handle tasks like restaurant reservations or event bookings, they often request far-reaching permissions. These might include accessing stored passwords, bookmarks, browsing history, credit card details, calendars, and contacts — all in the name of automation.
Granting AI such permissions effectively hands over a complete snapshot of personal data, from years-old messages and calendar entries to sensitive contact lists. This level of access can expose users to significant privacy and security risks, particularly as AI agents act autonomously and are prone to errors or fabrications. Moreover, AI companies often rely on reviewing user data to troubleshoot problems, further increasing the risk of human access to sensitive information.
From a privacy and security perspective, the trade-off between convenience and control is heavily skewed. Any AI app requesting extensive access to personal data should prompt serious reconsideration. Just as a flashlight app’s request for location access raised red flags in the past, today’s AI assistants demanding expansive permissions warrant the same level of caution. Ultimately, the question remains whether the time saved by automation is worth the cost of handing over personal information.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
