I already looked and Google knows about this but doesnt care.
By default if unchanged you phone will display notifications including text messages and emails. As long as you know the victims phone number and their phone is nearby you can take their account over fairly easy.
1. Open gmail and put in their email in and click forgot password.
2. Keep hitting try another way until it asks for a phone number.
3. Input their phone number and the security code that was texted to them.
4. Now change their password and recovery info.
5. From there you can now slowly take over their accounts to everything that has its recover info tied to their email including tax accounts and info to name some.
Now this is very situational for the fact the victim would need to leave their phone for 10-20 min. And the user would have to not change their default settings to add things like 2fa and notification blocking