← Blog

Mobile apps

Apple's Gemini Siri pivot: ship your own classifier

Apple's new AI architecture moves Siri's brain to Google Gemini servers. For the Dutch apps we ship, that quietly breaks three privacy promises we made our users.

Jacob Molkenboer· Founder · A Brand New Company· 10 Jun 2026· 6 min
Small craft-paper parcel with linen twine, wax-sealed envelope, green ribbon, brass luggage tag on ivory paper.

A founder we ship for in Utrecht messaged us the morning after WWDC. Her question fit in one line: "If we route our food-tracker's natural-language entry through Apple Intelligence now, does Google see what our users ate?" The honest answer is that the contractual answer and the technical answer have drifted apart this week, and for small Dutch apps that is the entire problem.

Apple's new AI architecture moves Siri's reasoning layer onto Google's Gemini models, routed through Apple-operated Private Cloud Compute. The headline framing is that nothing changes for the user. The framing for developers, especially those of us shipping AVG-bound apps to operations teams and consumer audiences in the Netherlands, is that three quiet guarantees just shifted under the floor.

The architecture in one paragraph

Apple Intelligence at launch was a stack of two layers: a small on-device Apple foundation model for routine inference, and Private Cloud Compute for anything heavier. Both were Apple-trained. The post-WWDC architecture keeps the local tier mostly intact but routes the heavy queries through Gemini-backed inference inside Apple's PCC envelope. The model weights are Google's. The data plane and the audit log are still Apple's. The trust story is now a contract between two of the largest data companies on the planet.

This is fine for most consumer flows. It is not fine when an app handles medical logs, payroll, fertility data, or anything else where the user expected a phone to stay a phone.

Guarantee one: on-device by default

For five WWDCs in a row, Apple's pitch was that your data stays on your iPhone unless you actively chose otherwise. App Intents that wired into Siri's heavier reasoning broke that boundary the moment they shipped, but the boundary was at least Apple-shaped. With Gemini in the loop, "off-device" now means "off-Apple" in a way the legal team has to write down.

For our food-tracker example, this matters. A free-text entry like "logged a Karvan Cevitam for the kid's lunch" carries a child's diet pattern. The user did not opt that into a foreign training corpus, even if the contract says they did not have to.

Guarantee two: data sovereignty inside the EU

Apple's PCC datacenters at launch were primarily US-located. The promise was that the chain of custody was end-to-end attestable. Adding Gemini does not necessarily move the inference geography, but it does change the regulatory shape. Under AVG, every sub-processor needs to be enumerated in the DPA you signed with your enterprise customers. Apple as processor was already a footnote. Apple plus Google as sub-processor is a separate paragraph and a fresh DPIA on your DPO's desk.

For consumer apps this is mostly a paperwork problem. For the B2B mobile apps our Rotterdam and Amsterdam clients build for their own operations teams, it is a procurement conversation they did not budget for this quarter.

Guarantee three: model isolation

The old story was "no third party trains on your prompt." That was a technical guarantee because there was no third party in the room. The new story is "Google contractually agrees not to train on routed queries." Both can be true. Only one of those statements survives a determined breach disclosure.

Warning

If your app's DPA names "Apple Inc." as the sole processor for AI features, that document is out of date. Bring it back to your DPO before your next release rides Apple Intelligence into a regulated workflow.

What we ship in the Dutch apps instead

For most natural-language entry points in the apps we build, the heavy model is overkill. The user is going to type one of about forty intents. "Log food", "set reminder", "show last week", "export CSV", "delete account". A multinomial classifier on top of Apple's NaturalLanguage word embeddings handles all of them in single-digit milliseconds and ships in under fifteen megabytes.

The pipeline:

  1. Collect 50 to 150 examples per intent from your existing analytics or write them by hand.
  2. Train a text classifier in Create ML (the GUI tool ships with Xcode).
  3. Drop the resulting .mlmodel into the app target.
  4. Wrap it in a Swift class your view models can call.

The Swift side fits on one page:

import CoreML
import NaturalLanguage

final class LocalIntent {
    static let shared = LocalIntent()
    private let model: NLModel

    private init() {
        guard let url = Bundle.main.url(forResource: "AppIntents", withExtension: "mlmodelc"),
              let nl = try? NLModel(contentsOf: url) else {
            fatalError("AppIntents.mlmodelc missing from bundle")
        }
        self.model = nl
    }

    func classify(_ text: String) -> (label: String, confidence: Double)? {
        let hypotheses = model.predictedLabelHypotheses(for: text, maximumCount: 2)
        guard let top = hypotheses.max(by: { $0.value < $1.value }) else { return nil }
        return (top.key, top.value)
    }
}

// Usage in a view model
let entry = "twee bananen gegeten"
if let result = LocalIntent.shared.classify(entry), result.confidence > 0.78 {
    router.route(intent: result.label)
} else {
    // fall through to a fuzzy free-text path, not Apple Intelligence
}

That is the whole runtime. No network, no PCC, no Gemini, no DPIA refresh. The model lives in the .ipa, ships under your existing privacy policy, and runs while the phone is in airplane mode.

When to still reach for the cloud

This is a real tradeoff, not a religious position. On-device classifiers struggle with three things: very long free text of more than a few sentences, unseen vocabulary that does not embed well, and reasoning across multi-step intents. For those cases, a server call to a model you control beats a Siri handoff every time. Run the inference in your own EU-hosted compute, log it under your own DPA, and you have answered the privacy story before legal asks.

The five-minute audit

Open your app's privacy nutrition label. Walk down each "Data Used to Track You" and "Data Linked to You" row. For each row, ask the question that founder asked us on Friday: if a feature on this row gets answered by Apple Intelligence under the new architecture, can you still defend the row's wording in writing? If the answer is "not without a call to legal," that flow needs a local model before the next release.

When we shipped the on-device intent layer for a Dutch nutrition app last month, the hard part was not Core ML, it was building the labelled dataset. The AI agents and on-device inference work we do is exactly this shape, and we are happy to share the training notebooks.

Tomorrow morning, before standup, open Xcode, create a new Create ML text classifier project, paste in fifty example utterances from your app, and hit Train. The .mlmodel that drops out is your first written answer to your DPO.

Key takeaway

Siri's brain now runs on Google. For private flows in your Dutch app, ship a small on-device classifier and keep the boundary inside the phone.

FAQ

Does this affect Siri Shortcuts or App Intents I already ship?

Yes for any path that touches Apple Intelligence reasoning. Classic Shortcuts and basic App Intents stay on the lighter on-device layer. Audit which AppIntent endpoints opt in to intelligence and treat those as cloud calls.

Can my app opt out of Apple Intelligence routing entirely?

You can decline the AppIntent intelligence surface and ship your own Core ML classifier instead. The system Siri overlay is harder to override, but anything the user invokes from inside your UI is fully under your control.

How big is a useful on-device intent classifier?

For most natural-language entry flows a multinomial classifier on Apple's word embeddings sits under 15 MB and runs in single-digit ms. Train in Create ML, drop the .mlmodel in your bundle, ship under your existing privacy policy.

Does AVG require a fresh DPIA when an app uses Apple Intelligence now?

If the AI feature processes personal data, almost certainly yes. The new sub-processor chain triggers Article 28 disclosure plus an updated DPIA under most Dutch DPO templates. Talk to legal before your next release.

mobile appsai agentsarchitecturesecuritystrategyoperations

Building something?

Start a project