Google fixing Android lock screen bug that lets Gemini send SMS without a PIN

Bender1 pts0 comments

Google fixing Android lock screen bug that lets Gemini send SMS without a PIN

Jump to main content

Search

REG AD

Security

Google fixing Android lock screen bug that lets Gemini send SMS without a PIN

A specific multi-touch gesture bypasses an authentication prompt, allowing anyone to send messages

Connor Jones

Connor<br>Jones

Cybersecurity reporter

Published<br>fri 17 Jul 2026 // 10:15 UTC

Picture this. Someone gets hold of your Android phone and, despite not knowing your PIN, they can use Gemini from the lock screen to send SMS or WhatsApp messages as you. This is a real bug and Google says a fix is coming as soon as this week.<br>Since May, The Register has received multiple reports of users bypassing device authentication on Android 16 devices that enable Gemini access from the lock screen.<br>These are distinct from the similar Gemini-based Android lock screen bypass bugs that have made the rounds since September 2025.

REG AD

One of the bugs reported to us allowed unauthenticated users with physical access to an Android device to enable functionality such as phone, texts, and WhatsApp via Gemini on the lock screen using a specific multi-touch gesture.

REG AD

When device owners revoke Gemini’s access to certain apps, like Messages, and someone later tries to send an SMS via Gemini on the lock screen, the chatbot will prompt the user to open the relevant app. Selecting "Continue" prompts the user to enter the correct PIN to access messages.<br>However, when “Continue” is pressed simultaneously with Gemini’s “Add attachment” button, the device will then allow unauthenticated users to send that SMS via Gemini, without needing to enter a PIN.<br>From there, users can enable Gemini’s access to other apps, which were previously disconnected from Gemini in the user’s Settings, by invoking the relevant prompt.

For example, to allow Gemini access to WhatsApp, users can enter “@WhatsApp” in the Gemini text window. No PIN needed.<br>You can then check this has worked by going back into user Settings, after entering a correct PIN, and it will show that WhatsApp is connected to Gemini without completing the expected authentication step.<br>Exploiting the flaw requires physical access to a device. In most circumstances, we steer clear of giving this type of vulnerability too much airtime since it is often difficult to pull off in real-world scenarios.

MORE CONTEXT

Rogue devs of sideloaded Android apps beg for freedom from Google’s verification regime

Android keyboard ditches keys entirely, predicts what you mean

Apple update looks like Czech mate for locked-out iPhone user

Google unleashes even more AI security agents to fight the baddies

If Windows, for example, had a make-me-admin bug that required the attacker, for whatever reason, to have physical access to the keyboard connected to the Windows machine, then the owner of said machine has bigger problems than the vulnerability itself.<br>However, given the state of phone theft crime, especially in the UK, and the potential to send convincing SMS messages as part of fake kidnapping scams, to name one possibility, we think this one deserves some attention.

REG AD

A Google spokesperson told us this is a known bug and it has already implemented a fix that was scheduled for a full deployment this week.<br>They also said the bug is not Pixel-specific, after some claimed that they could not reproduce it on Samsung devices, but fell short of specifying which manufacturers, models, or versions are vulnerable. ®

gemini<br>security

REG AD

SOFTWARE

Mozilla speeds Firefox release schedule to biweekly

And what to expect in Firefox 153 as the next ESR release gets close

off-prem

Billing software error sends billion-dollar AWS estimates

Amazon asks users not to panic as it works to fix the bug

Gobi X: Creating more energy for AI, not taking it from society

PARTNER CONTENT: How Envision is reversing the datacenter playbook by making computing chase abundant desert power, not the other way around

security

AI spam filters are getting suckered by old-school text salting

Turns out decades-old email tricks still work against some LLM-powered email filters

PaaS + IaaS

Amazon Web Services' most vocal customer now runs EC2

Retail foundation leader Dave Treadwell takes over as senior leader and 19-year vet Dave Brown departs for pastures unknown

SAAS

Microsoft gives admins Exchange Online breathing room

Retirement of PowerShell -Credential parameter pushed back to the end of 2026

MOST POPULAR

OS PLATFORMS

Torvalds challenged the haters to fork Linux. Someone said 'hold my beer'

ai and ml

Linus Torvalds tells AI haters to fork off

AI and ML

Researcher poisons open-weight AI model for under $100

AI and ml

Musk promises purge after Grok Build caught sending entire repos to the cloud

PAAS AND IAAS

Amazon Web Services' most vocal customer now runs EC2

AI

AI and ML

OpenAI admits GPT-5.6 occasionally deletes files – but it's an 'honest mistake'

Data purges deemed an...

gemini android lock screen send access

Related Articles