Your Locked Android Phone Might Not Be as Secure as You Think
A flaw in Google Gemini allows anyone to send messages from your locked Android phone using just their voice. Here's what families need to know.
Source
GetCyberRight Intelligence
Original headline: Gemini Lock Screen Message Flaw
Plain-English summary by GetCyberRight. Read the full report at the source above.
What Happened
A security researcher recently discovered that Google's Gemini AI assistant can send text messages from locked Android phones without requiring any authentication. No PIN, no fingerprint scan, no face unlock needed. Just a voice command, and someone holding your phone could send messages as you.
The Details
Security expert Graham Cluley uncovered this privacy flaw while testing how Google's AI assistant works on locked devices. Here's the problem: Gemini responds to voice commands even when your phone screen is locked and should be protected.
Anyone who picks up your locked Android phone can say a simple command to Gemini and send a text message to your contacts. They don't need to know your passcode. They don't need your fingerprint. They just need to speak.
This bypasses the basic security principle that locked devices should stay locked until the owner proves their identity. Most people assume their lock screen protects everything on their phone. This flaw breaks that assumption for one of the most personal features we use: our messages.
Who Is Affected
This issue affects Android users who have Google Gemini enabled on their devices. If you've set up Gemini as your AI assistant, you could be vulnerable.
Families should be especially concerned. A child could pick up a parent's phone and accidentally send messages. A stranger who finds a lost phone could send inappropriate messages to your contacts. Anyone with brief physical access to your device could impersonate you through text.
What You Should Do Right Now
Open your Android Settings and go to Google Assistant settings. Look for the option that controls Assistant access on your lock screen. Turn off "Lock screen personal results" to prevent AI actions when your phone is locked.
Review which apps can work from your lock screen. Go to Settings > Security > Lock screen preferences. Disable any features you don't absolutely need accessible while locked.
Stay one step ahead of scammers
Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.
Consider disabling Gemini voice activation entirely until Google fixes this flaw. You can still use Gemini by opening the app manually.
Talk to family members about phone security. Make sure everyone understands that phones should never be left unattended, even when locked.
Keep your phone's software updated. When Google releases a patch for this vulnerability, install it immediately.
The Bigger Picture
This flaw highlights a growing tension in technology: convenience versus security. AI assistants are designed to be helpful and responsive. But every feature that makes them more accessible can also create privacy risks.
As AI becomes embedded in more of our daily tools, these types of vulnerabilities will likely increase. Staying informed about emerging threats isn't optional anymore. It's essential for protecting your family's digital life.
How GetCyberRight Can Help
Our Cyber Threat Radar tool tracks exactly these kinds of privacy vulnerabilities in mainstream consumer technology. We monitor emerging threats in AI assistants, smart home devices, and everyday apps so you don't have to.
You'll get plain-English alerts about security issues that actually affect your family, with clear steps to protect yourself. No technical degree required.
Curated from trusted cybersecurity sources by GetCyberRight
Source: GetCyberRight IntelligenceStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles

WordPress Just Force-Updated Millions of Sites. Here's What You Need to Know
A critical WordPress security flaw let hackers take control of sites with just one request. The automatic update that fixed it might have saved your business.
4 min read
The WordPress Myth That Put Millions of Websites at Risk
A critical flaw in WordPress itself shattered the belief that only sketchy plugins cause hacks. Here's what happened and what to do now.
3 min readSteam Game Scam Exposes Hidden Malware Danger for Gamers
FBI arrests Florida man for uploading fake games to Steam that stole passwords and drained crypto wallets. Here's what gamers need to know.
3 min read
The Hidden Patch Problem: When Software Fixes Don't Come with Warnings
OpenSSL fixed a critical security flaw without telling anyone. Here's why that matters for your family's online safety and what you can do about it.
3 min read