
Google is introducing a new automatic reboot feature to Android that aims to limit access to sensitive user data by rebooting unused, locked devices after 72 hours of inactivity.
The feature, now rolling out with Google Play Services version 25.14, is designed to thwart forensic techniques that attempt to extract user data from devices in an unlocked or partially unlocked state.
The new functionality was highlighted in the April 2025 release notes for Google Play Services. According to the notes, any Android phone or tablet that remains locked for three consecutive days will now automatically reboot. Upon restart, the device returns to a “Before First Unlock” (BFU) state, in which user data remains fully encrypted and inaccessible until a PIN, password, or biometric input is provided. In contrast, after unlocking once (“After First Unlock” or AFU), some data may be accessible in memory or decrypted partitions, even if the screen is subsequently locked again.
Rebooting Androids every 3 days
This move appears to be a direct response to growing concerns around forensic tools that exploit vulnerabilities to extract data from Android devices that have been powered on and unlocked at least once. While Google has not officially commented on the motivation for the feature, its design mirrors similar protections already implemented by the privacy-focused Android fork GrapheneOS, which introduced a configurable auto-reboot system as early as 2022. GrapheneOS defaults to 18 hours of inactivity, and its auto-reboot is explicitly aimed at protecting devices against physical access attacks and forensic exploitation.
In January 2024, GrapheneOS publicly warned about firmware vulnerabilities being actively exploited to target Android phones — especially those from Google and Samsung — while in an AFU state. These attacks often involve circumventing the secure element or exploiting bugs in device firmware to bypass standard protections.

Google's new feature, while less aggressive than GrapheneOS' implementation, brings a similar safeguard to the mainstream Android ecosystem. Because it is distributed via Google Play Services rather than a full operating system update, it is expected to reach a wide range of devices without requiring OEM intervention. However, the company has yet to confirm which Android versions or specific hardware models support the feature, nor has it provided user-facing controls or settings for managing the behavior.
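For anyone auditing a device fleet, the two preconditions the article names (Play Services 25.14 and file-based encryption) can be checked from captured `adb shell dumpsys package com.google.android.gms` and `adb shell getprop ro.crypto.type` output. The script below is an added example, not Google's code: the function names and status labels are made up for illustration, and the sample dump is constructed. A passing result only marks a device as a candidate, since Google has not confirmed which devices support the feature.

```shell
#!/bin/sh
# Added example: classify a device from captured adb output.
# Threshold taken from the article: Google Play Services 25.14.
MIN_MAJOR=25
MIN_MINOR=14

# Constructed sample of `dumpsys package com.google.android.gms` output.
SAMPLE_DUMPSYS='Packages:
  Package [com.google.android.gms] (abc1234):
    versionName=25.14.33 (190400-000000000)
Hidden system packages:
  Package [com.google.android.gms] (def5678):
    versionName=24.26.32 (190400-000000000)'

# Print major.minor of the first versionName line on stdin. The first
# entry is the active package; a preinstalled copy may be listed later.
gms_version() {
    sed -n 's/^[[:space:]]*versionName=\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Succeed when "major.minor" in $1 is at or above the threshold.
version_at_least() {
    major=${1%%.*}
    minor=${1#*.}
    [ "$major" -gt "$MIN_MAJOR" ] ||
        { [ "$major" -eq "$MIN_MAJOR" ] && [ "$minor" -ge "$MIN_MINOR" ]; }
}

# $1 = dumpsys text, $2 = value of ro.crypto.type ("file" means FBE).
assess() {
    ver=$(printf '%s\n' "$1" | gms_version)
    if [ -z "$ver" ]; then
        echo "UNKNOWN play-services version not found"
    elif [ "$2" != "file" ]; then
        echo "REVIEW gms=$ver ro.crypto.type=${2:-unset} (not file-based encryption)"
    elif version_at_least "$ver"; then
        echo "CANDIDATE gms=$ver fbe=file"
    else
        echo "OUTDATED gms=$ver (needs >= $MIN_MAJOR.$MIN_MINOR)"
    fi
}

# Demonstration on the constructed sample above.
assess "$SAMPLE_DUMPSYS" file
```

On a real device, pass the output of the two adb commands as the first and second arguments to `assess`.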
Forensic resistance has become an increasingly important security dimension as smartphones hold vast amounts of sensitive personal and corporate information. Traditional Android security mechanisms such as file-based encryption (FBE) and hardware-backed key storage offer strong protection, but these can be undermined once a device is in AFU mode. By ensuring idle devices periodically reboot back into BFU state, Google is adding a simple but effective layer of protection against post-unlock memory extraction, custom cable exploits, and firmware-level attacks.
While this feature enhances baseline security, users seeking maximum protection — such as journalists, activists, or enterprise users with elevated risk profiles — are advised to complement it with additional defenses. These include using long, random passphrases, disabling USB data transfer while locked, and avoiding biometric-only authentication. Privacy-enhancing custom ROMs like GrapheneOS also offer granular controls over hardware peripherals and deeper mitigations against physical compromise.