The Studio Bot is great, but be sure you are not sharing proprietary code unintentionally

Image credit:

If you are using Android Studio Jellyfish or later, you may see the Gemini in Android Studio (formerly Studio Bot). You can ask it many different types of questions right in your IDE. The tool is very smart and has the ability to use your project code in the IDE to improve the responses it is giving you. While this is a helpful feature, if you are working on a proprietary or (commercially or otherwise) sensitive codebase you may not want to share your code with Google. Google is clear about how the data is used in their Privacy Policy and Data and Privacy documentation but even if you personally are happy with these controls, many organisations have stricter policies for their intellectual property (e.g. code).

You can control the sharing of your code right within the settings of Android Studio. You are able to choose to allow all project code, allow specific projects or do not use any project code.

This is from Koala Canary 2, the current version may look different.

You can then make the decision to only allow specific projects by selecting the Ask to decide per project option and checking the associated checkbox for only the specific ones you are happy to allow.

And whilst you may be aware of the risks in sharing sensitive code and have made a conscious decision, anyone else who also uses your codebase within Android Studio may not be and may inadvertently have the Use context from your project to improve responses setting set to true. You still need to protect your codebase and it can be tedious constantly verifying settings with a large team of developers so the best thing is to ensure the code is protected right from your source control.

Excluding code from Gemini Studio Bot

All you need to do to exclude an entire directory is place an empty file named .aiexclude at the top level of the directory (note the preceding period). Then all files within the directory and all subfolders will have the block applied.

You can leave it completely empty. I added some comments so other developers (and my future self) will remember what is for and know not to remove it.

Check this file into your source control (git etc.) and it will be picked up by all your developers and will apply this setting (undercover — it won’t actually change the Android Studio setting) when they attempt to use the Gemini Studio Bot. They will still be able to use it as a tool to ask questions about general concepts but the code will not be sent to the AI to provide context on the answers. In theory they could delete this file before using Studio Bot but that is a deliberate decision to share the code (equivalent to uploading the code to a public repository for example).

If you want a little more control over what you are excluding (for example, when only part of your code should be protected) you can treat this .aiexclude file just like a .gitignore file with the same rules. You can simply place the empty file at the top of the directory you want to protect or you can add file names or extensions with wildcards to the file for more fine grained control.


You might ask, how did I verify (beyond trusting the official documentation) that this would work?

To test this I enabled Use context from your project to improve responses and the Enable AI-based inline code completions option and started modifying a sample app. As expected Gemini Studio Bot helpfully suggested what I might be typing.

Don’t worry, this is not proprietary code! Just my test project for random experiements.

When I added the .aiexclude file and tried the same test the code completion was not supplied indicating this had been turned off.

Autocomplete was useful, but only where I know it doesn’t violate my organisation’s policies.

Even with the .aiexclude file provided I was still able to ask Studio Bot general questions not relating to the specific codebase.

Source link