Connect with us

NEWS

Gemini’s Lock Screen Bug Is Android’s Fourth SMS Bypass This Year

Google is fixing a Gemini lock screen bug that let anyone with a locked Android phone send SMS without a PIN, the fourth such bypass disclosed in a year.

Published

on

Google is pushing out a fix this week for an Android bug that let anyone holding a locked phone use Gemini to send texts as its owner, no PIN needed. The flaw hits Android 16 phones with Gemini enabled on the lock screen. The Register broke the story after fielding reports since May, and a Google spokesperson has confirmed the bug is real.

It is also at least the fourth distinct way researchers have found to slip Gemini past Android’s lock screen since September 2025. Four separate bypasses in under a year point to a design gap no single patch has closed.

The Multi-Touch Trick Behind the New Bypass

The bug only works if the phone’s owner already turned on Gemini’s lock screen access, then separately revoked its permission for one app: Messages. Ask Gemini to text through Messages after that, and it follows the rules. It shows a “Continue” button and asks for the correct PIN before opening the app.

The bypass sits in what happens next. Press “Continue” at the exact same moment as Gemini’s “Add attachment” icon, and the message goes out anyway. No PIN prompt ever completes.

  • Open Gemini from the lock screen and ask it to text through an app already disconnected, such as Messages.
  • When Gemini shows “Continue” to request a PIN, tap it at the same instant as the “Add attachment” icon.
  • The text sends with no PIN, and Gemini keeps access to that app afterward.
  • Type “@WhatsApp,” or another disconnected app’s name, into Gemini’s chat box to reconnect it the same way, without ever entering a code.

Unlock the phone later and check settings, and WhatsApp shows up as connected to Gemini even though the required authentication step never happened. Exploiting any of this needs physical possession of the device, which is usually why outlets shrug off this class of bug. This one is different because of who else is affected once a phone leaves its owner’s hand.

Four Bypasses, One Recurring Flaw

The SMS trick is not an isolated find. It is the newest entry in a run of Gemini lock screen bypasses stretching back nearly a year, each patched, each followed by a fresh route through the same door.

  1. March 2025: A researcher at security firm Payatu reports a bypass exposing Google accounts and Gemini chat history through a race condition between Samsung’s Bixby assistant and the on-screen keyboard, reproduced on Android 13, 14 and 15.
  2. September 10, 2025: Google publicly discloses the Payatu bug with proof-of-concept detail. The same month, it also publishes findings on a separate researcher’s own Gemini lock screen report, and the two disclosures become the baseline every later bug gets compared against.
  3. April 2026: A researcher who publishes as Sandiyo Christan uses Gemini’s Deep Research feature to escape the lock screen in under 60 seconds on a fully patched Pixel 6a running Android 16.
  4. July 2026: The Register discloses the “Continue” and “Add attachment” bug after months of reader tips, and Google confirms a fix is rolling out this week.

Each incident relies on a version of the same basic trick: press two on-screen targets at once and the authentication check loses the race. The specific buttons change every time. The underlying gap between Gemini’s lock screen overlay and the fully authenticated app does not.

Snatch Theft Numbers Sharpen the Risk

Physical-access bugs rarely get much attention because pulling one off usually means catching a phone unattended. The United Kingdom’s phone theft numbers are the reason this one reads differently.

An estimated 78,000 people had a phone or bag snatched from them on the street in England and Wales in the year to March 2024, equal to roughly 200 snatch thefts a day and a 153% jump from the year before, according to a House of Commons Library briefing on mobile phone thefts. London remains the country’s hotspot, with roughly £50 million worth of phones (about $63 million) reported stolen there in 2024 alone.

The Register’s own reporting ties the bug to a specific worry beyond ordinary theft or resale: a stolen phone that still lets a stranger send convincing text messages as its owner is a tool for fake kidnapping and ransom scams sent to family members who trust the number on their screen.

Google Confirms the Bug, Fix Due This Week

A Google spokesperson told The Register the SMS bypass is a known issue and that a fix is scheduled to arrive this week. Google has patched every earlier bug in this pattern too, and each time, a researcher has found a new route through the same feature within months.

The company has confirmed the flaw is not limited to Pixel hardware, but it has not said which manufacturers or Android skins beyond stock Android 16 carry it. That leaves an open question for the many non-Pixel Android 16 owners who also have Gemini’s lock screen access switched on.

Agentic Ambitions Keep Outrunning the Patches

Google has spent 2026 promoting Gemini as an agent capable of acting on a phone, well beyond simply answering questions on it. A company blog post on Android’s security approach describes the goal as building agentic AI features “built on a foundation of security and privacy.” The recurring bypasses suggest that foundation still has gaps at the exact point where the assistant meets the lock screen.

Google has also described Android’s broader shift as moving from an operating system to what it calls an “intelligence system,” rolling out permission screens and on-device protections alongside new Gemini features, part of Android’s new agentic AI security protections rolled out in May.

Every new capability Gemini is given at the lock screen is also a new potential attack surface.

Graham Cluley, a security blogger who has covered the computer security industry since the early 1990s, made that point in a post about the bug. He added that the more useful an AI assistant becomes without unlocking a phone, the harder it gets to guarantee only the owner can use it.

One Legacy Flaw Wearing Different Disguises

Christan, the researcher behind the April 2026 Pixel 6a bypass, described his own find in blunt terms: “Same boundary. Different door.” He argued Google needs a hard system checkpoint between Gemini’s lock screen overlay and the full app that cannot be raced by a UI tap, and that until it exists, “the boundary is a suggestion.”

A separate researcher, Mustafa Salih Berk, published a write-up just weeks before this latest bug describing a multi-touch trick that reached beyond messaging into Gmail drafts, Google Docs and NotebookLM notebooks, all without a PIN. Google’s own bug tracker labeled his report a duplicate, tied to an older legacy issue in Android’s core component architecture. That triage note is itself telling: these look like variations on one long-running flaw rather than a string of unconnected bugs.

Google is not short on Android maintenance work this year. It is simultaneously testing fixes elsewhere in the operating system, including an Android 17 beta build patching battery share and Pixel 6 testing issues, a reminder that lock screen security is one item on a long list competing for engineering attention.

What to Switch Off Until the Patch Lands

Google’s fix had not fully rolled out at publication time, which leaves a practical question: what can a phone owner do right now? Google’s own Gemini support documentation names two separate lock screen toggles, and switching off either narrows the opening this bug and its predecessors have used.

Setting What It Allows Why It Matters Here
“Use Gemini without unlocking” Lets Gemini open and answer general questions from a locked screen at all Turning this off removes every entry point every bypass in this pattern has used
“Make calls and send messages without unlocking” Lets Gemini place calls or send texts without the phone being opened first This is the specific permission the new SMS bug quietly re-enables without a PIN

Both toggles sit inside Gemini’s lock screen settings page, reachable from the app’s profile icon. Turning off “Use Gemini without unlocking” is the more complete fix, though it also switches off hands-free convenience, like asking for directions while the phone sits in a pocket or a car mount.

Frequently Asked Questions

Which devices are confirmed vulnerable to Gemini lock screen bypasses?

The current SMS bug affects Android 16 phones with Gemini’s lock screen access turned on, and Google has said it is not limited to Pixel hardware, though it has not named the affected manufacturers. Earlier related bypasses were confirmed on a Samsung Galaxy S23 FE and a Pixel 7 Pro running Android 13 through 15, and on a Pixel 6a running Android 16, showing the pattern has already touched multiple Android versions and device makers.

How do I stop Gemini from working on my lock screen right now?

Open the Gemini app, tap the profile icon, choose Gemini on lock screen, then turn off “Use Gemini without unlocking,” or for a lighter touch, disable “Make calls and send messages without unlocking.” Both switches are listed in Google’s own Gemini help documentation, and turning them off closes the settings this bug and its predecessors have depended on.

Does this bug affect Samsung’s Bixby or other Android assistants?

Not this specific SMS bug, which is Gemini only. A March 2025 report from security firm Payatu found a related race condition triggered through Samsung’s Bixby assistant on the same lock screen surface, suggesting the underlying weakness lies in how Android’s Keyguard handles any assistant overlay, not in Gemini’s code alone.

Is this bug being actively exploited by criminals?

There is no public evidence yet of organized criminal use. Exploiting it requires physical possession of a locked phone that already has Gemini’s lock screen access switched on. That narrows the realistic threat to opportunistic cases: street theft, or someone with brief physical access to a partner’s or family member’s phone.

Has Google explained why these bypasses keep happening?

Not in technical detail. Google’s public position, laid out in its own blog post on Android’s security approach, is that it is building agentic AI features with security and privacy as a foundation. Four disclosed bypasses of the same lock screen boundary in under a year suggest that foundation is still catching up with how fast Gemini’s on-device permissions are expanding.

As the founder of Thunder Tiger Europe Media, Dr. Elias Thornwood brings over 25 years of experience in international journalism, having reported from conflict zones in the Middle East, Asia, and Africa for outlets like BBC World and Reuters. With a PhD in International Relations from Oxford University, his expertise lies in geopolitical analysis and global diplomacy. Elias has authored two bestselling books on European foreign policy and received the Pulitzer Prize for International Reporting in 2015, establishing his authoritativeness in the field. Committed to trustworthiness, he enforces rigorous fact-checking protocols at Thunder Tiger, ensuring unbiased, evidence-based coverage of worldwide news to empower informed global audiences.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending