Google fixing Android lock screen bug that lets Gemini send SMS without a PIN
Jump to main content
Search
REG AD
Security
Google fixing Android lock screen bug that lets Gemini send SMS without a PIN
A specific multi-touch gesture bypasses an authentication prompt, allowing anyone to send messages
Connor Jones
Connor<br>Jones
Cybersecurity reporter
Published<br>fri 17 Jul 2026 // 10:15 UTC
Picture this. Someone gets hold of your Android phone and, despite not knowing your PIN, they can use Gemini from the lock screen to send SMS or WhatsApp messages as you. This is a real bug and Google says a fix is coming as soon as this week.<br>Since May, The Register has received multiple reports of users bypassing device authentication on Android 16 devices that enable Gemini access from the lock screen.<br>These are distinct from the similar Gemini-based Android lock screen bypass bugs that have made the rounds since September 2025.
REG AD
One of the bugs reported to us allowed unauthenticated users with physical access to an Android device to enable functionality such as phone, texts, and WhatsApp via Gemini on the lock screen using a specific multi-touch gesture.
REG AD
When device owners revoke Gemini’s access to certain apps, like Messages, and someone later tries to send an SMS via Gemini on the lock screen, the chatbot will prompt the user to open the relevant app. Selecting "Continue" prompts the user to enter the correct PIN to access messages.<br>However, when “Continue” is pressed simultaneously with Gemini’s “Add attachment” button, the device will then allow unauthenticated users to send that SMS via Gemini, without needing to enter a PIN.<br>From there, users can enable Gemini’s access to other apps, which were previously disconnected from Gemini in the user’s Settings, by invoking the relevant prompt.
For example, to allow Gemini access to WhatsApp, users can enter “@WhatsApp” in the Gemini text window. No PIN needed.<br>You can then check this has worked by going back into user Settings, after entering a correct PIN, and it will show that WhatsApp is connected to Gemini without completing the expected authentication step.<br>Exploiting the flaw requires physical access to a device. In most circumstances, we steer clear of giving this type of vulnerability too much airtime since it is often difficult to pull off in real-world scenarios.
MORE CONTEXT
Rogue devs of sideloaded Android apps beg for freedom from Google’s verification regime
Android keyboard ditches keys entirely, predicts what you mean
Apple update looks like Czech mate for locked-out iPhone user
Google unleashes even more AI security agents to fight the baddies
If Windows, for example, had a make-me-admin bug that required the attacker, for whatever reason, to have physical access to the keyboard connected to the Windows machine, then the owner of said machine has bigger problems than the vulnerability itself.<br>However, given the state of phone theft crime, especially in the UK, and the potential to send convincing SMS messages as part of fake kidnapping scams, to name one possibility, we think this one deserves some attention.
REG AD
A Google spokesperson told us this is a known bug and it has already implemented a fix that was scheduled for a full deployment this week.<br>They also said the bug is not Pixel-specific, after some claimed that they could not reproduce it on Samsung devices, but fell short of specifying which manufacturers, models, or versions are vulnerable. ®
gemini<br>security
REG AD
SOFTWARE
Mozilla speeds Firefox release schedule to biweekly
And what to expect in Firefox 153 as the next ESR release gets close
off-prem
Billing software error sends billion-dollar AWS estimates
Amazon asks users not to panic as it works to fix the bug
Gobi X: Creating more energy for AI, not taking it from society
PARTNER CONTENT: How Envision is reversing the datacenter playbook by making computing chase abundant desert power, not the other way around
security
AI spam filters are getting suckered by old-school text salting
Turns out decades-old email tricks still work against some LLM-powered email filters
PaaS + IaaS
Amazon Web Services' most vocal customer now runs EC2
Retail foundation leader Dave Treadwell takes over as senior leader and 19-year vet Dave Brown departs for pastures unknown
SAAS
Microsoft gives admins Exchange Online breathing room
Retirement of PowerShell -Credential parameter pushed back to the end of 2026
MOST POPULAR
OS PLATFORMS
Torvalds challenged the haters to fork Linux. Someone said 'hold my beer'
ai and ml
Linus Torvalds tells AI haters to fork off
AI and ML
Researcher poisons open-weight AI model for under $100
AI and ml
Musk promises purge after Grok Build caught sending entire repos to the cloud
PAAS AND IAAS
Amazon Web Services' most vocal customer now runs EC2
AI
AI and ML
OpenAI admits GPT-5.6 occasionally deletes files – but it's an 'honest mistake'
Data purges deemed an...