Product Engineering

For years an app was a screen you tapped through. It is quietly becoming a set of functions an agent can call without ever opening it.

With Android 17 AppFunctions, an app exposes its actions as callable tools and the screen becomes optional. When a machine can call your product directly, your permission model stops being plumbing — it becomes the product.

For years an app was a screen you tapped through. It is quietly becoming a set of functions an agent can call without ever opening it.

Android 17 shipped a feature that most product teams will underestimate. With AppFunctions, an app can expose its actions as callable tools — Android's on-device version of MCP — and an assistant like Gemini can discover and run them directly against the app's local state. The screen becomes optional. Until now the only way for an agent to use a mobile app was to simulate a human tapping through the UI: fragile, slow, and a privacy mess. That workaround is ending.

I read this less as a mobile story and more as a shift in what a product is. The moment your app is a set of functions a machine can invoke, your interface is no longer the place where decisions are enforced. The screen used to be your control surface — it was where you decided what a user could do, in what order, with what confirmation. Strip the screen away and all of that has to live somewhere else: in the function definitions, the permission model, and the audit trail.

That raises questions most products have never had to answer explicitly. Which actions are safe to expose? Which require a confirmation the agent cannot skip? What can be read versus changed? What happens when an agent chains three small, individually-harmless calls into one consequential outcome? On a screen, friction and layout answered some of that implicitly. For an agent, none of it is implicit anymore — it has to be declared.

So this is not really a platform-API task for the mobile team to absorb quietly. It is product, security, and governance design arriving through a Jetpack library. The interface is getting less visual and more operational, and the teams that treat permissions as part of the product — not an afterthought bolted under it — are the ones whose apps will be safe to hand to an agent.

When a machine can call your product directly, your permission model stops being plumbing. It becomes the product.

Теги
product-engineeringagentic-aisystems-thinkingpermissions
Подписка

Еженедельный разбор сигналов прямо в почту.

Один email в неделю. Никакого спама. Отписка одним кликом.