Here's an uncomfortable one. A security researcher
discovered that Gemini — running on the
Android lockscreen — can be tricked into sending SMS messages without asking for your PIN. The vulnerability has apparently been known to Google since May. A fix is coming. But it's not here yet.
Summary
- A lockscreen bypass bug in Android 16 allows Gemini to send SMS messages without PIN verification, even when the user has explicitly revoked Gemini's access to Messages.
- The exploit requires physical access to the device — an attacker taps "Add attachment" and "Continue" simultaneously when Gemini asks for a PIN, bypassing the authentication entirely.
- The same method was shown to re-enable Gemini's access to WhatsApp, overriding settings the user had manually turned off.
- Google has acknowledged the vulnerability — it was first reported in May 2026 — and a fix is already in development.
- The bug affects more than just Pixel devices, though the full list of affected Android versions and manufacturer skins hasn't been confirmed.
How It Actually Works
The setup seems secure at first. The user has disabled Gemini's access to Messages — sensible precaution. Someone picks up the locked phone, summons Gemini from the lockscreen, and tells it to send a message. Android correctly asks for a PIN. So far so good.
Then the trick: the attacker taps "Add attachment" and "Continue" at the same time. That's it. The PIN prompt disappears. Gemini sends the message.
It gets worse. The same sequence re-enables Gemini's
WhatsApp access in settings — access the user had specifically turned off. So this isn't just an SMS loophole. It's a broader permissions bypass that undoes deliberate security choices the user made in settings.
The scariest part isn't that someone can send a text from your locked phone. It's that the exploit can re-enable app permissions the user specifically revoked — silently, without any notification.
What "Known Since May" Means
Google was reportedly informed of this vulnerability in May 2026. It's now mid-July. That's roughly ten weeks between disclosure and a public fix arriving. In the security world that's not outrageous — complex OS-level bugs take time to patch properly without breaking other things — but it's not a short window either. The fact that it went public through The Register before a patch shipped means users need to be aware of it now, not after the fix.
Google hasn't said which specific Android update will include the patch, but given the severity and public attention it's getting, expect it in a near-term monthly security update.
Who's at Risk
If you have
Gemini enabled on your lockscreen and someone gets physical access to your device — even briefly — this is a real attack vector. It doesn't require technical expertise. Anyone who watches the video demonstration can replicate it. The required actions take about three seconds.
The immediate mitigations are straightforward: disable Gemini lockscreen access in Settings > Apps > Gemini > Permissions, or disable lockscreen AI shortcuts entirely under Settings > Display > Lock screen. Neither is ideal as a permanent solution, but both remove the attack surface until Google patches it.