Key Takeaways
How To Allow Gemini To Make Calls And Send Messages Without Unlocking Phone

- A multi-touch gesture on Android 16 devices bypasses PIN authentication when using Gemini from the lock screen
- Attackers with physical access can send SMS and WhatsApp messages without unlocking the device
- Google says a fix is scheduled for deployment this week, though affected device models remain unspecified
Google is patching an Android 16 bug that lets anyone with physical access to a device send SMS or WhatsApp messages through Gemini, bypassing PIN authentication entirely. The flaw exploits a specific multi-touch gesture that tricks the lock screen into granting access to messaging apps without credentials.
The Register reports receiving multiple user reports of the bypass since May 2026. Google confirmed the bug and told the publication a fix was scheduled for full deployment this week.
How the bypass works
The vulnerability targets devices with Gemini access enabled from the lock screen. When a user has revoked Gemini's access to certain apps, like Messages, the assistant will normally prompt for PIN entry before proceeding. That prompt can be defeated.
Here's the sequence: an attacker tries to send an SMS via Gemini on the lock screen. Gemini prompts them to open the Messages app and authenticate. Instead of entering a PIN, they press "Continue" simultaneously with Gemini's "Add attachment" button. The device then allows the SMS to go through, no PIN required.
Once in, the attacker can enable Gemini's access to other apps that were previously disconnected. Typing "@WhatsApp" in the Gemini text window, for example, grants access to WhatsApp. The settings will show WhatsApp as connected to Gemini even though no authentication occurred.
Why physical access bugs matter here
Security researchers often discount physical access vulnerabilities. If someone has your laptop in hand, you have bigger problems than a privilege escalation bug. Phones are different.
Phone theft is rampant, particularly in urban areas. The UK has seen persistent spikes in device snatches. A stolen phone that can send messages as the owner opens the door to fake kidnapping scams, fraudulent requests to contacts, or account recovery attacks. The victim's number and identity carry weight that a random burner phone does not.
This is not the first Gemini lock screen bypass. Similar bugs have surfaced since September 2025, suggesting a pattern rather than a one-off mistake. The push to make AI assistants more capable from the lock screen creates friction with authentication requirements. Google has not found the right balance yet.
Which devices are affected?
Google confirmed the bug is not Pixel-specific. Some users reported they could not reproduce it on Samsung devices, but Google did not specify which manufacturers, models, or Android versions are vulnerable. That vagueness is frustrating for IT teams managing mixed fleets.
Android 16 devices with Gemini lock screen access enabled are the primary concern. Organizations that have deployed corporate profiles with lock screen AI features should audit those configurations.
What to do now
Disable Gemini access from the lock screen until the patch reaches your devices. The setting lives in Gemini preferences under "Lock screen" or equivalent, depending on your device manufacturer's skin.
For MDM-managed fleets, push a policy update blocking lock screen assistant access. This is a reasonable default regardless of this specific bug, since AI assistants that can take actions from a locked device represent a growing attack surface.
Monitor for the patch. Google said deployment was scheduled for this week, but OEM rollout timelines vary. Pixel devices typically receive updates first. Samsung, OnePlus, and others follow on their own schedules.
Logicity's Take
This bug reflects a deeper design tension. Google wants Gemini to be useful everywhere, including the lock screen. But every capability you expose before authentication is a capability an attacker can exploit. The multi-touch bypass is almost comical in its simplicity, pressing two buttons at once should not defeat PIN requirements. For CIOs, the lesson is to treat lock screen AI features as high-risk by default. Disable them in your MDM policies unless there is a compelling business need that outweighs the exposure.
Frequently Asked Questions
Does this bug affect all Android phones?
Google says the bug is not Pixel-specific, but has not confirmed which manufacturers or Android versions are affected. Android 16 devices with Gemini lock screen access enabled are the primary concern.
Can attackers access my phone remotely using this vulnerability?
No. This bug requires physical access to the device. Remote exploitation is not possible with this specific flaw.
How do I disable Gemini on the lock screen?
Open Gemini settings, navigate to Lock screen preferences, and disable assistant access from the lock screen. The exact path varies by device manufacturer.
When will Google release the fix?
Google told The Register the fix was scheduled for full deployment the week of July 17, 2026. Actual availability depends on your device manufacturer's update timeline.
Is this related to previous Gemini lock screen bypasses?
Similar Gemini-based lock screen bypass bugs have appeared since September 2025. This is a distinct vulnerability from those earlier issues, though they share the same root cause of AI assistant capabilities exposed before authentication.
Need Help Implementing This?
If your organization needs to audit mobile device policies or implement MDM controls to mitigate lock screen vulnerabilities, contact Logicity's consulting team for a security configuration review.
Source: www.theregister.com
Huma Shazia
Senior AI & Tech Writer
Produced with AI assistance and reviewed by the Logicity editorial team. Learn more in our Editorial Policy.






