Gmail is the master key to almost every online account — password resets, identity verification, security alerts, everything.

And yet the Gmail app on Android opens instantly if the phone is unlocked. No PIN. No password. No biometric. Nothing.

If someone steals your unlocked phone, they can:

- read all your emails - trigger password resets - delete security warnings - take over multiple accounts

Banking apps require extra authentication. Password managers require extra authentication. Even some messaging apps do.

But Gmail — the most sensitive app of all — does not.

This is a huge, global security problem, and Google should offer an optional app-level lock. The current design assumes the device lock is enough. In real-world theft scenarios, it isn’t.

Curious what others think.