Codex Mobile: Drive an AI Coding Agent From Your Phone

Why this matters

The longest agent runs are the ones you cannot watch. You kick off a refactor across 40 files, walk away, come back 20 minutes later, and the agent has stopped on a prompt asking permission to delete a test file. You missed the window. The next branch run starts cold.

Codex on mobile fixes that one specific failure mode. OpenAI shipped Codex inside the ChatGPT mobile app on May 14, 2026, on iOS and Android, free on every plan including Free and Go. The phone is not a coding environment. It is a control surface for a Codex session running on your dev machine.

The result: you can keep agent work moving while you are away from your desk. Which is most of the day.

What it actually does

The mobile app is not running Codex locally. Your code, credentials, and tools stay on the machine where Codex is already running (a Mac, a Mac mini sitting in a closet, a devbox, or a managed remote environment). The phone is a thin client that:

• Lists the active Codex threads on your paired machine.
• Streams terminal output, screenshots, and test results as they happen.
• Surfaces approval prompts (“Codex wants to run rm -rf node_modules/. Approve?”) with two-tap accept or reject.
• Lets you switch models mid-session (route to GPT-5 for a tricky bug, drop back to Codex Mini for boilerplate).
• Accepts new context from the phone — paste a Slack thread, attach a screenshot, point at a Linear ticket.

The model running the work is still GPT-5 or whatever you have Codex configured for. The mobile app does not change the model. It changes who can see and steer it.

The setup, end to end

Five minutes, three steps.

1. Update your ChatGPT mobile app.

iOS App Store or Google Play. Look for “Codex” tab in the bottom nav. If you do not see it, force-quit and reopen. The rollout is staged but it has hit every region as of late May.

2. Pair your dev machine.

On the machine where Codex is installed, run:

codex auth mobile pair

This opens a browser, prompts for ChatGPT login, and surfaces a 6-digit code. Enter the code in the mobile app under Codex → Pair Device. The pairing persists across reboots; you only do this once per machine.

3. Start a session and walk away.

From your laptop, kick off any Codex run as usual. The session shows up in the mobile app within a few seconds. You can now leave.

What you can do from the phone

The interaction model is deliberately constrained. The phone is for steering, not authoring.

• See live state. Terminal output, screenshots Codex took, test results, diffs across files, approval prompts.
• Approve or reject commands. Codex’s safety policy still asks before destructive operations. Approve, reject, or approve-with-edit (the “edit” lets you tweak the command first).
• Switch the underlying model. If Codex is stuck, swap from GPT-5 to GPT-5 Pro for a single turn, or drop to Codex Mini to save tokens on a long mechanical pass.
• Add context. Paste a stack trace, attach a screenshot of a Figma file, link a Linear ticket. The new context goes into the active session’s next turn.
• Pause and resume. Hold the session and pick it up from your laptop later, with the full history preserved.

What you can’t do, and why

• You cannot start a fresh project from the phone. A new Codex session needs to be initiated from the dev machine. The phone is for sessions that already exist.
• You cannot edit files by hand. No file editor. If you want to manually change a line, do it on your laptop. The phone is for telling Codex what to change.
• You cannot bring your own model. The model menu is limited to what Codex supports on the paired machine. No Claude routing from the mobile app today.

These are design decisions, not bugs. The phone is a control surface. If it tried to be an editor, it would be a worse editor than Cursor on a 14-inch screen.

Four workflows that get unblocked

1. The long refactor over lunch.

You start a multi-file refactor at noon, walk out for lunch, and the agent gets stuck five minutes in asking about a TypeScript edge case. Pre-mobile, that session sits idle until you come back. Post-mobile, you answer the prompt from the line at the salad place, and the work is done by 1pm.

2. The PR review from the gym.

You queued Codex to write tests for a new module before your gym session. Forty-five minutes later you are reviewing the diffs from your phone in the parking lot. If a test is wrong, you tap “rewrite this case with the following constraint” and walk in. By the time you are showered, the tests are green.

3. The midnight production fix.

PagerDuty wakes you up. You SSH into the devbox from your phone (Termius or Blink), kick off Codex with the incident context, and approve its plan to roll back the bad migration. You go back to sleep without ever opening the laptop. The full incident timeline is in the Codex session for tomorrow’s postmortem.

4. The “I had an idea in the shower” workflow.

You are out for a walk and you realize the right fix for a thorny bug. You open the existing Codex session from this morning, paste your idea into the chat, and Codex picks it up. By the time you are back at your desk, the diff is ready to review.

The security model

The most common question is “where does my code go?” Short answer: nowhere new.

Your code, credentials, build environment, and tool definitions all stay on the dev machine where Codex was already running. The mobile app does not download your repository. It does not store API keys. It does not have network access to your private services.

What crosses the network:

• Terminal output streams (text + occasional screenshots Codex took).
• Approval prompts (the literal command Codex wants to run).
• Your responses (approve, reject, new context messages).

Everything else stays local to the paired machine. If you would not be comfortable with that text crossing the network to ChatGPT, you should not be comfortable with Codex running it on your laptop in the first place. The mobile app does not change your threat model — it just exposes the same data to you on a different screen.

For sensitive enterprise environments, the pairing flow respects whatever Codex policy you have configured. If your org has Codex restricted to certain repos or certain tool calls, the mobile app honors those same policies. There is no escape hatch.

What to do this week

1. Update the ChatGPT mobile app on your primary phone.
2. Pair your dev machine using codex auth mobile pair.
3. Kick off one long-running task tomorrow morning (a refactor, a test-writing pass, a doc generation), then leave the room.
4. Approve and steer from the phone for the first hour.
5. Notice that you got 60 minutes of agent work done while doing something else.

The cumulative win is not “I shipped one feature from my phone.” It is that the constraint of “I have to be at my desk for Codex to make progress” is gone. Multiply that by every long agent run you would have done, and the math is obvious within a week.