Android lock screen bug lets Gemini send SMS without PIN; Google confirms fix is coming
A newly discovered Android bug could allow Gemini to send SMS messages from the lock screen without entering the device PIN. Google has acknowledged the issue and says a fix is already on the way.
Published By: Divya | Published: Jul 19, 2026, 03:02 PM (IST)
Imagine handing your locked phone to someone for a moment, only to find they could send a text message without knowing your PIN. That's the issue Google is currently working to fix. A newly reported Android bug affects Gemini's lock screen functionality and could allow SMS messages to be sent without unlocking the device under certain conditions. Thankfully, Google says the issue has already been fixed internally and the update will roll out soon.
But, what is the Android lock screen bug? The issue was first reported on Android 16 devices where Gemini can be accessed directly from the lock screen. Normally, if Gemini tries to access apps like Google Messages after permission has been removed, Android asks the user to unlock the phone by entering the PIN. That's exactly how it's supposed to work.
However, researchers found that pressing two on-screen buttons at almost the same time could bypass this authentication step. Instead of asking for the PIN again, Gemini is allowed to continue and send an SMS. The bug appears to work only under certain conditions, but it shows that the lock screen protection can be bypassed.
This is not just about SMS
The problem isn't limited to text messages. Reports suggest the same trick can also reconnect apps that were previously disconnected from Gemini. One example mentioned is WhatsApp. Even if access to WhatsApp had been disabled, the bug could reportedly enable it again without requiring the phone owner to enter the device PIN. That makes the issue more serious than simply sending an unauthorised text message.
Is your phone affected? Here's what Google said
At the moment, Google hasn't shared a complete list of affected devices. The issue has been reported on Android 16, and it is believed to affect more than just Pixel smartphones. However, it's still unclear which brands or Android skins are vulnerable. The exploit also requires someone to physically hold the phone, so it cannot be triggered remotely.
Well, Google has acknowledged about the bug and confirmed that they are aware about the issue. The good part is that there is already a software fix that has been prepared and is expected to roll out soon. Once available, the update should restore the normal authentication process and prevent Gemini from bypassing the lock screen, Google suggested.
Until then, if you don't regularly use Gemini from the lock screen, you may want to disable lock screen access as an extra precaution. While the bug isn't something that can be exploited remotely, keeping your device with you and installing software updates as soon as they arrive remains the best way to stay protected.
Get latest Tech and Auto news from Techlusive on our WhatsApp Channel, Facebook, X (Twitter), Instagram and YouTube.