Unexpected Gemini API charges reported

Unexpected Gemini API charges on April 25, 2026 — Firebase-provisioned Android API key (auto-created, unrestricted) used for unauthorized requests

Hi Google Cloud Community and the Gemini API team,

I’m posting in parallel with a billing support case to share my incident and request a billing review. The pattern matches several recent threads here (the €54k EU case, the $67k+ South Korea case, the $4,368 case from April 27, and the case covered by The Register in March 2026), and I’m hoping for similar engagement from Google staff.

What happened

On April 25, 2026, Google’s own automated systems flagged this incident: I received an email titled “Google Cloud Support 70577894: Action Required: Suspicious Activity Observed on Google Cloud Project mobondhrd.” I noticed the email and the corresponding billing spike on the morning of April 26.

A sudden and extreme spike in Gemini API (Generative Language API) usage occurred on my GCP project, with the following SKUs:

  • Generate content text output token count for Gemini 3 Pro (SKU 530B-F4DF-9814): ₹2,51,019.85

  • Gemini 3.1 Flash Image — Image Output Predictions (SKU 1BD4-2AB9-AEFB): ₹2,45,031.84

  • Generate content image output token count for Gemini 3 Pro Image (SKU 096D-0370-0236): ₹2,42,109.56

Total disputed: ₹8,61,344.72 (approximately USD 10,300).

I have never used the Gemini 3 Pro, Gemini 3.1 Flash Image, or Gemini 3 Pro Image models on this project. The project has never had a production Gemini integration — I had only recently enabled the Generative Language API for evaluation, and I have never created or distributed a Gemini API key in AI Studio or the GCP console.

Tracing the requests through the Billing reports, the traffic was generated using an Android API key that was auto-provisioned by Firebase and embedded in a google-services.json file solely as an app identifier for Firebase services (Firebase Analytics, etc.). The key had no API restrictions, so the moment I enabled the Generative Language API on the project, this pre-existing Firebase identifier silently became a valid Gemini credential — the exact privilege-escalation pattern documented in Truffle Security’s February 25, 2026 research and acknowledged by Google. (I’d note that Google’s own enforced Gemini spend caps, rolled out on April 1, 2026, appear to be a direct response to this class of incident; unfortunately my project pre-dated and was not protected by those controls.)

Project & billing details

  • App / use case: Public transport information Android app

  • Billing reseller: Searce (India) — invoice flows through them

  • Approximate disputed amount: ₹8,61,344.72 (≈ USD 10,300)

  • Spike window: April 25, 2026 (within a short span of hours)

  • Google Cloud Support Case ID: 70577894 (“Action Required: Suspicious Activity Observed on Google Cloud Project mobondhrd”)

Why this is unauthorized use, not legitimate consumption

  1. The key was auto-provisioned by Firebase, not created by me in AI Studio or the GCP console. It was intended as an app identifier for Firebase services, consistent with Firebase’s own security checklist statement that “API keys are not secrets.”

  2. The project has no production Gemini integration. No app code, server, or user base on this project could legitimately generate the observed request volume in such a short window.

  3. The traffic pattern is inconsistent with any traffic this project has ever produced (volume, timing, model mix — Gemini 3 Pro and image-generation SKUs were never used by me).

  4. The key was never used for the Generative Language API at any point before I enabled that API on the project, supporting the Truffle Security finding that previously-benign keys silently become Gemini credentials when the API is enabled.

  5. Google’s own automated systems detected and flagged this as suspicious activity on the same day (Case 70577894), independently corroborating that this was abuse, not legitimate consumption.

Mitigation already completed

  • Compromised Android Firebase key has been restricted to the specific app’s package name + SHA-1 fingerprint.

  • Generative Language API has been disabled on the project.

  • All remaining API keys across all my projects have been audited and now carry API + application restrictions.

  • Hard per-API quota limits have been set on the Generative Language API.

  • A project-level spend cap has been configured in AI Studio.

Request

I’m respectfully requesting a billing review and credit for the unauthorized April 25, 2026 charges. I am happy to share, privately with the team that picks this up: full Cloud Logging samples showing request origins, the complete billing export for the spike window, the Google Cloud Support email in full, the API key metadata showing Firebase auto-provisioning, and any other evidence required.

Given (a) the documented architectural cause, (b) Google’s own detection of this as suspicious activity, (c) the mitigation already in place, and (d) the precedent of similar reviews in recent threads here, I’d really appreciate the team’s review.

Thank you,
Sachin

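As an added example, not code from the original post, here is a small audit a project owner could run over the output of `gcloud services api-keys list --format=json` to find keys in the state described above (no API restriction, so enabling the Generative Language API makes them Gemini credentials, and no application restriction). The field names follow the API Keys API v2 Key resource as I understand it, and the sample keys are constructed.

```python
"""Audit Google Cloud API keys for the unrestricted-Firebase-key pattern.
Input shape assumed from the API Keys API v2 Key resource as printed by
`gcloud services api-keys list --format=json`."""
import json

GEMINI_SERVICE = "generativelanguage.googleapis.com"
APP_RESTRICTION_FIELDS = ("androidKeyRestrictions", "iosKeyRestrictions",
                          "browserKeyRestrictions", "serverKeyRestrictions")

# Constructed sample, not real project data: one Firebase auto-created key with
# no restrictions, one properly locked-down Android key, one Gemini-only key.
SAMPLE_KEYS_JSON = json.dumps([
    {"uid": "key-1", "displayName": "Android key (auto created by Firebase)",
     "restrictions": {}},
    {"uid": "key-2", "displayName": "Android key (restricted)",
     "restrictions": {
         "apiTargets": [{"service": "firebaseinstallations.googleapis.com"}],
         "androidKeyRestrictions": {"allowedApplications": [
             {"packageName": "com.example.transit",
              "sha1Fingerprint": "<constructed-sha1>"}]}}},
    {"uid": "key-3", "displayName": "Server key for Gemini evaluation",
     "restrictions": {"apiTargets": [{"service": GEMINI_SERVICE}]}},
])


def audit_keys(keys):
    """Return (key name, finding) pairs for keys that could be abused."""
    findings = []
    for key in keys:
        name = key.get("displayName") or key.get("uid", "<unnamed>")
        restrictions = key.get("restrictions") or {}
        targets = [t.get("service") for t in restrictions.get("apiTargets", [])]
        if not targets:
            # Unrestricted: valid for every enabled API, Gemini included.
            findings.append((name, "no API restriction"))
        elif GEMINI_SERVICE in targets:
            findings.append((name, "explicitly allows Gemini"))
        if not any(f in restrictions for f in APP_RESTRICTION_FIELDS):
            # Nothing ties the key to a package/SHA-1, bundle ID, referrer or IP.
            findings.append((name, "no application restriction"))
    return findings


def audit_gcloud_output(text):
    """Parse `gcloud services api-keys list --format=json` output and audit it."""
    return audit_keys(json.loads(text))


if __name__ == "__main__":
    for name, finding in audit_gcloud_output(SAMPLE_KEYS_JSON):
        print(f"{name}: {finding}")
```

Run it against real output by piping `gcloud services api-keys list --project <id> --format=json` into `audit_gcloud_output`; any key flagged "no API restriction" is worth fixing before enabling a paid API.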