Do Son 
Google is introducing a new security feature in Android that will automatically reboot locked and unused devices after three consecutive days of inactivity. Upon reboot, the device’s memory returns to an encrypted state, effectively rendering direct access to user data impossible.
Although Google has not officially disclosed the rationale behind this feature, experts believe its purpose is to hinder the efforts of digital forensics tools commonly used to extract data from devices without authorization. By enforcing automatic reboots, the system more frequently reverts smartphones to a state considered technically “inaccessible” for exploitation.
The feature was first identified in version 25.14 of Google Play Services. According to the update notes, a device will automatically restart if it remains locked for three consecutive days. This reboot places the device in a “before first unlock” (BFU) state, where the majority of user data remains encrypted and inaccessible.
A similar approach had previously been implemented by the developers of GrapheneOS—an alternative operating system focused on privacy. Their system reboots devices after just 18 hours of inactivity, rapidly returning them to a maximally secure state. Now, Android incorporates a comparable concept, albeit in a gentler form—the interval has been extended to 72 hours and cannot be adjusted manually.
The rationale behind this lies in the typical behavior of smartphones, which, during regular use, remain in an “after first unlock” (AFU) state. In this state, data is already decrypted, and tools like Cellebrite can potentially access it, even if the screen is locked. Automatic reboots after prolonged inactivity significantly diminish the effectiveness of such tools, particularly in scenarios involving extended physical access to the device.
Amnesty International has previously reported that well-known digital intrusion tools exploit vulnerabilities in USB drivers to circumvent Android’s protections. This raises further security considerations: disabling USB data transfer while the device is locked is recommended to bolster defense.
The Google Play Services update is being rolled out via the Google Play Store, though availability will be staggered. Users can also check for essential Android security updates under Settings → “Security & Privacy” → “System & Updates” → “Google Play System Update.”
