Written By Divya
Published By: Divya | Published: Jul 19, 2026, 03:02 PM (IST)
Google Acknowledges Android Lock Screen Bug That Bypasses PIN For Gemini (Image: AI Generated)
Imagine handing your locked phone to someone for a moment, only to find they could send a text message without knowing your PIN. That’s the issue Google is currently working to fix. A newly reported Android bug affects Gemini’s lock screen functionality and could allow SMS messages to be sent without unlocking the device under certain conditions. Thankfully, Google says the issue has already been fixed internally and the update will roll out soon. Also Read: Realme leaves China, confirms switch to ColorOS 17 for future devices in other markets
But, what is the Android lock screen bug? The issue was first reported on Android 16 devices where Gemini can be accessed directly from the lock screen. Normally, if Gemini tries to access apps like Google Messages after permission has been removed, Android asks the user to unlock the phone by entering the PIN. That’s exactly how it’s supposed to work. Also Read: Google AI Mode introduces more connected apps: YouTube Music, Canva, and Instacart
However, researchers found that pressing two on-screen buttons at almost the same time could bypass this authentication step. Instead of asking for the PIN again, Gemini is allowed to continue and send an SMS. The bug appears to work only under certain conditions, but it shows that the lock screen protection can be bypassed. Also Read: Google Search adds free AI image generation in AI Overviews
The problem isn’t limited to text messages. Reports suggest the same trick can also reconnect apps that were previously disconnected from Gemini. One example mentioned is WhatsApp. Even if access to WhatsApp had been disabled, the bug could reportedly enable it again without requiring the phone owner to enter the device PIN. That makes the issue more serious than simply sending an unauthorised text message.
At the moment, Google hasn’t shared a complete list of affected devices. The issue has been reported on Android 16, and it is believed to affect more than just Pixel smartphones. However, it’s still unclear which brands or Android skins are vulnerable. The exploit also requires someone to physically hold the phone, so it cannot be triggered remotely.
Well, Google has acknowledged about the bug and confirmed that they are aware about the issue. The good part is that there is already a software fix that has been prepared and is expected to roll out soon. Once available, the update should restore the normal authentication process and prevent Gemini from bypassing the lock screen, Google suggested.
Until then, if you don’t regularly use Gemini from the lock screen, you may want to disable lock screen access as an extra precaution. While the bug isn’t something that can be exploited remotely, keeping your device with you and installing software updates as soon as they arrive remains the best way to stay protected.