Google’s Gemini lets strangers send messages from your locked Android phone

Gemini, Google’s AI assistant, should make life easier for Android smartphone owners. But right now it can also make life easier or anyone whoever happens to be holding your phone.
As Register reports, Google is working to fix a vulnerability that allows an attacker with physical access to a locked Android 16 device to use Gemini to send SMS messages and WhatsApp texts, without needing to enter a PIN.
So, think about this event. Someone finds your locked Android phone and, despite not knowing your security PIN, can send SMS or WhatsApp messages pretending to be you.
Register says it has received multiple reports since May of how it is possible to bypass authentication on Android 16 devices that have enabled Gemini to access the lock screen.
In May 2026, a security researcher published a document explaining how they recreated the problem on a fully jailbroken Pixel 6a, using Gemini’s Deep Research feature as an entry point.
It’s clear that Google has patched Gemini lock screen issues before, but security researchers continue to find new ways to bypass them.
The latest vulnerability is different from previous similar Android lock screen bugs that have been plaguing the operating system since September 2025.
This latest exploit requires some multi-touch. If Android devices have revoked Gemini’s access to apps like Messages, and someone tries to send an SMS with Gemini on the lock screen, the user is prompted to enter a PIN. However, if “Continue” is pressed simultaneously with Gemini’s “Add attachment” button, the device allows the SMS to be sent without confirmation.
An attacker can then enable Gemini access to other previously disabled applications. All they have to do is request related information – for example – by writing “@WhatsApp” in Gemini’s text window. Again, no PIN is requested or required.
What makes this a scam is that the changes are not temporary. If the victim later turns on his phone and checks the settings of Gemini, he will find that WhatsApp is connected to Gemini, although no PIN has ever been entered.
Of course, exploiting a vulnerability like this requires physical access to a vulnerable Android device. This is not an attack that a random hacker could do. But, as we all know, it is very common for a device to be left unattended, or snatched from a bag, or given to someone you think you can trust.
A Google spokesperson said Register This new bug is known, and that a fix is scheduled to be released this week. But for now, you’d be wise to limit what Gemini can access on your lock screen.
To do that:
- Open the Gemini app, tap your profile picture, go to Settings, and select “Gemini on lock screen.”
- Turn off “Use Gemini without unlocking” completely, or (if you’re not comfortable with that) disable “Make calls and send messages without unlocking.”
Google will undoubtedly fix this bug. But the underlying problem remains. Every new Gemini power offered on the lock screen is also a new potential attack surface. The more helpful your AI assistant becomes without you needing to unlock your phone, the harder it is to ensure that only you can use it.



