All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Android Lock Screen Bypass via Google Gemini Deep Research Remains Unpatched on Pixel 6a Running Android 16

By

Sandiyo Christan

3d ago· 4 min readenNews
Bagel score 75 of 100
75/100
Toasty
Bagelometer

Crisped on the outside, thoughtful enough on the inside.

Score75TypenewsSentimentnegative

Summary

A security researcher discovered that a previously reported and supposedly patched Android lock screen bypass via Google Gemini's Deep Research feature remains unfixed on a fully updated Pixel 6a running Android 16. The vulnerability allows an attacker with physical access to bypass the lock screen in under 60 seconds without PIN, password, or biometrics. The researcher originally reported the issue to Google VRP in 2024, was rewarded, and Google published details in September 2025, but the fix was incomplete and the bypass still works on the latest software.

Key quotes

· 4 pulled
On a fully patched Pixel 6a running Android 16, an attacker with physical access can escape the lock screen in under 60 seconds using Google Gemini's Deep Research feature — no PIN, no password, no biometrics.
This is a bypass of a previously patched vulnerability rewarded by Google VRP.
I assumed the chapter was closed.
Google acknowledged it, rewarded it, and published details in September 2025.
Snippet from the RSS feed
Android Lock Screen Bypass via Google Gemini — The Patch That Wasn’t (Status: Not Fixed) TL;DR: On a fully patched Pixel 6a running Android 16, an attacker with physical access can escape the …

You might also wanna read

Security researchers adapt Pixel 9 exploit chain to target Google Pixel 10

This article describes how security researchers adapted an exploit chain originally developed for the Google Pixel 9 to work on the Pixel 10

projectzero.google·16d ago

Pixnapping: New Android Security Attack Steals Data from Apps and Websites

Pixnapping is a new class of Android security attacks that enables malicious apps to stealthily leak information from other apps and website

pixnapping.com·7mo ago

Cellebrite Can Extract Data from Pixel 6-9 Phones on Stock Software, But Not from GrapheneOS

Cellebrite, a digital forensics company, has informed law enforcement that its technology can extract data from Pixel 6, 7, 8, and 9 phones

arstechnica.com·7mo ago

Android Vulnerability Allows Malicious Apps to Steal 2FA Codes and Private Data Without Permissions

Researchers have discovered a new Android vulnerability called 'Pixnapping' that allows malicious apps to steal sensitive data including 2FA

arstechnica.com·7mo ago