Code suggests Google’s Gemini Spark could make purchases without user approval, Forbes reports

Forbes reported on May 24 that code inside Google’s app suggests Gemini Spark, the company’s new always-on AI agent, may be able to make purchases without asking for permission in every case. The report said the warning appeared to sit uneasily beside Google’s I/O 2026 messaging about secure, user-authorized checkout. Google introduced Gemini Spark at its May 19-20 developer conference as part of a broader push into agent-style AI that can work across apps, files and workflows. Google’s own support and subscription pages also show that paid Gemini access comes with usage limits, even for higher-tier subscribers. ### Where did the purchase concern come from? Forbes said an APK teardown of the Google app surfaced onboarding language indicating Gemini Spark is designed to ask for permission before sensitive actions, but may still share information or buy items without approval in some cases. The publication said that language appeared in pre-release code rather than in Google’s public keynote presentation. (forbes.com) Google said at I/O 2026 that it is building agents that can help users act, not just answer questions. In its official I/O roundup, Google described advances to “agent-first” development through Antigravity and said Gemini 3.5 Flash combines “frontier intelligence with action,” though the company page in search results did not spell out the specific checkout warning cited by Forbes. (forbes.com) ### Did Google publicly pitch Spark as a shopping agent? Google’s I/O materials framed Gemini Spark as part of a wider product shift toward persistent assistants and agentic tools. Search results summarizing the launch described Spark as an always-on assistant meant to work across services including Gmail and other workflows, while Google’s official I/O page emphasized agents that help users act across products. (blog.google) Forbes said the tension was that Google executives highlighted secure, user-authorized payments on stage, while code in the app suggested a looser fallback in some circumstances. That characterization comes from Forbes’ reading of the code and onboarding text. ### What do the usage-limit disclosures show? (blog.google) Google’s Gemini support page says usage limits exist “to ensure an optimal experience for everyone” and that the company may cap prompts, conversations or feature use within a given timeframe. The same page says access “is subject to change” and may be limited by testing, experimentation or availability. (forbes.com) Google’s subscription page for AI Pro and Ultra says Ultra subscribers get “up to 20x higher usage limits” than the Pro plan and first access to advanced features including Gemini Spark in the United States in English. That page does not present Spark as unlimited, and the support page separately makes clear that caps can still apply. ### Is there an official token top-up option? (support.google.com) Google’s publicly available subscription and support pages surfaced in search do not show a consumer-facing token top-up option for Gemini app usage. Forbes reported there was no obvious top-up mechanism available for Google One Ultra subscribers reviewing the early Spark setup. (gemini.google) Google’s separate Gemini API billing page describes developer billing and paid usage for API customers, but that is a different product path from consumer Gemini app subscriptions. The API billing documentation therefore does not amount to a top-up system for Gemini Spark inside the consumer app. ### What is the practical takeaway for users right now? (forbes.com) The May 24 Forbes report points to two issues in early Gemini Spark code: how much autonomy the agent may have around purchases, and how much paid access may still be constrained by caps. Google’s current official pages confirm the second issue in broad terms by stating that usage limits apply and that access can change, while its subscription page confirms Spark access for Ultra users is tiered rather than open-ended. (ai.google.dev) Google’s next public clarifications are likely to appear on its Gemini support pages, subscription pages or future product documentation tied to Gemini Spark availability in the United States. As of May 25, those pages remain the clearest official references for access terms, while the purchase-warning detail remains sourced to Forbes’ review of app code. (forbes.com)