Android’s 72-Hour Rule: What This New Security Tool Means for Your Data
While Android has introduced increasingly robust security features over the years, malicious actors are constantly finding new ways to infiltrate devices and access user data, especially if they physically obtain the device. Now, Google is implementing a new feature designed to provide Android devices with enhanced protection, even when they fall into the wrong hands.
Last year, Apple introduced “Inactivity Reboot” to iPhones with iOS 18. This feature automatically restarts an iPhone that remains locked and unused for three consecutive days. Upon restarting, the iPhone enters the “Before First Unlock” (BFU) state. In this state, the encryption keys are locked, significantly hindering unauthorized access to the sensitive data stored on the device.
Automatic Restart After 72 Hours of Inactivity
It appears Android is now gaining a similar security mechanism. A new feature will force-reboot a smartphone or tablet after 72 consecutive hours (three days) of being locked and inactive. Mirroring its iOS counterpart, the Android device will enter the BFU state following the automatic restart.
In this BFU state, security is significantly enhanced because biometrics, passcodes, and user accounts are not yet active or logged in. This makes it considerably more difficult for someone to bypass the device’s security and access the data, in contrast to a device that is already active or in the “After First Unlock” (AFU) state.
The arrival of this feature appears to be a response to incidents highlighted last year, where reports indicated government agencies and hackers were obtaining iPhones and attempting to breach their security. While gaining access to a smartphone in the BFU state is still theoretically possible, it presents a far greater challenge for malicious entities.
This new security feature is being rolled out with the latest Google Play Services update, version 25.14 (released on April 14, 2025), and is located within the Privacy & Security section. It seems to be a system-level change that is enabled by default, without a user-accessible toggle to disable or enable it.
While the precise compatibility range is currently unclear, it is anticipated that this feature will be supported by a broad range of Android devices, potentially including those not running the very latest Android 15 or Android 16 operating systems. The update should reach more devices gradually over the coming weeks.
What are your thoughts on this new security feature for Android? Should Google prioritize further improvements to Android’s security and privacy features in Android 16? We are interested in hearing your opinions in the comments below.
