Google is rolling out a significant new security feature to Android devices via the latest Google Play services update (version 25.14): automatic device restarts after three days of inactivity.
This “auto-reboot” mechanism is designed to enhance data protection by leveraging Android’s file-based encryption and lock state architecture, making unauthorized data access far more difficult if a device is lost or stolen.
How the Auto-Restart Security Feature Works
The new feature, detailed in the April 2025 release notes, automatically restarts Android phones and tablets that have been locked and unused for 72 consecutive hours.
This does not apply to other device categories, such as Android Auto, TV, or Wear OS.
The auto-reboot is triggered if the device remains locked—meaning the user has not entered their passcode or used biometrics to unlock it—over the three-day window.
Upon reboot, the device enters the “Before First Unlock” (BFU) state. In this state, all user data is protected by strong file-based encryption, and access is only possible after the user enters their PIN, password, or pattern.
Biometric authentication methods (like fingerprint or face unlock) are disabled until the passcode is entered.
This is a critical security posture: in the BFU state, even if someone has physical access to the device, extracting meaningful data is virtually impossible without the user’s credentials.
In contrast, once a device is unlocked after a reboot, it transitions to the “After First Unlock” (AFU) state.
In AFU, more data is accessible, and biometric logins are enabled for convenience. However, this also means that if a device is stolen while in AFU, it may be more vulnerable to certain types of attacks.
Technical Details and Precedents
The auto-reboot feature is implemented at the Play services level, meaning it will reach most Android devices without requiring a full operating system update.
This approach allows for rapid and widespread deployment, as Google Play services updates are distributed independently of Android OS upgrades.
The concept is not entirely new. Privacy-focused GrapheneOS has long offered a configurable auto-reboot feature with a default inactivity window of 18 hours (user-adjustable between 10 minutes and 72 hours).
Apple introduced a similar “Inactivity Reboot” in iOS 18.1, which restarts iPhones after four days of inactivity to protect user data.
Security Rationale
The primary motivation for this feature is to reduce the “window of opportunity” for attackers.
If a device is lost or stolen and remains in the AFU state, certain forensic techniques or firmware exploits could potentially be used to extract data.
By forcing a reboot after a period of inactivity, the device is returned to the BFU state, where data is cryptographically locked down and only accessible with the user’s passcode.
Security researchers and privacy advocates have long recommended regular device reboots as a countermeasure against persistent threats and memory-resident exploits.
Google’s move brings this best practice to the mainstream, automating the process for all users.
Rollout and User Experience
The update is rolling out gradually and may take a week or more to reach all eligible devices.
Google has not yet specified which Android versions are supported or whether users will have the ability to configure the inactivity window or receive notifications when an auto-reboot occurs.
On reboot, users will see the standard PIN entry screen, with a message such as “Use PIN after restart,” and must enter their passcode to regain access.
Comparison: Android, iOS, and GrapheneOS
| Feature | Android (Play services 25.14) | iOS 18.1 (Inactivity Reboot) | GrapheneOS (Auto-Reboot) |
|---|---|---|---|
| Default inactivity | 72 hours (3 days) | 72-96 hours (3-4 days) | 18 hours (user-configurable) |
| Applies to | Phones, tablets | iPhones | Phones (custom ROM) |
| User configuration | Not yet announced | Not user-configurable | 10 min – 72 hours |
| State after reboot | BFU (encrypted, PIN required) | Encrypted, PIN required | BFU (encrypted, PIN required) |
Google’s new auto-restart security feature marks a major step forward in protecting Android users’ data.
By automatically rebooting devices after three days of inactivity, Android ensures that lost or stolen devices revert to a highly secure, encrypted state, significantly raising the bar for would-be attackers.
As the feature rolls out, users can expect enhanced security with minimal impact on daily usability—simply enter your passcode after a reboot to resume normal operations.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates
%20(1).webp?w=1200&resize=1200,0&ssl=1&description=This “auto-reboot” mechanism is designed to enhance data protection by leveraging Android’s file-based encryption and lock state architecture){kind=link}