Google Fixes Android 16 Gemini Flaw Letting Locked Phones Send SMS as WhatsApp Access Expands
Updated
Updated · Bitdefender · Jul 18
Google Fixes Android 16 Gemini Flaw Letting Locked Phones Send SMS as WhatsApp Access Expands
3 articles · Updated · Bitdefender · Jul 18
Summary
Google said a fix is rolling out this week for an Android 16 Gemini flaw that lets someone with a locked phone send SMS and WhatsApp messages without entering a PIN.
A specific multi-touch gesture triggers the bypass: pressing Gemini's "Add attachment" and the system's "Continue" prompt at the same time can approve message sending and app reconnection from the lock screen.
The exploit was reproduced on a fully patched Pixel 6a and has been reported since May, showing the issue is not limited to remote hacking but to anyone who gets physical access to the device.
Once abused, Gemini can be reconnected to apps such as WhatsApp without authentication, and the setting persists after the owner unlocks the phone.
The bug is the latest in a string of Gemini lock-screen bypasses since September 2025, underscoring how each new assistant feature on the lock screen adds attack surface.