Google is introducing an automatic reboot feature for Android to safeguard sensitive user data. The feature, which is rolling out with Google Play Services version 25.14, is designed to prevent unauthorized data extraction from unlocked or partially unlocked devices by automatically rebooting those that remain locked for 72 hours.

Figure 1. Auto-Restart Feature on Android .

This new functionality, detailed in the April 2025 release notes for Google Play Services, triggers a reboot on any Android phone or tablet that has been locked for three consecutive days. Upon restart, the device returns to a "Before First Unlock" (BFU) state, where user data remains fully encrypted and inaccessible until the correct PIN, password, or biometric authentication is provided [1]. In contrast, once a device has been unlocked ("After First Unlock" or AFU), some data may be vulnerable, as it could be stored in memory or on decrypted partitions, even if the screen is later locked again.

This move addresses concerns about forensic tools that exploit vulnerabilities to extract data from Android devices that have been powered on and unlocked at least once. While Google hasn't officially stated the motivation for the feature, its design is similar to protections already implemented by the privacy-focused GrapheneOS, which introduced a configurable auto-reboot feature in 2022. GrapheneOS defaults to 18 hours of inactivity to protect devices from physical access attacks and forensic exploitation.Figure 1 shows Auto-Restart Feature on Android.

In January 2024, GrapheneOS issued a public warning about firmware vulnerabilities actively being exploited to target Android devices, particularly those from Google and Samsung, while in AFU mode. These attacks often involve circumventing the secure element or exploiting bugs in the device firmware to bypass standard protections.

While Google's new feature is less aggressive than GrapheneOS's, it introduces similar protections into the mainstream Android ecosystem. Distributed via Google Play Services, it is expected to reach a wide range of devices without requiring updates from device manufacturers. However, Google has not yet confirmed which Android versions or specific hardware models will support the feature, nor has it provided user-facing controls for managing it.

Forensic resistance is becoming an increasingly important aspect of smartphone security, as devices hold vast amounts of sensitive personal and corporate data. Traditional Android security features like file-based encryption (FBE) and hardware-backed key storage provide strong protection but can be bypassed once a device enters AFU mode [2]. By ensuring idle devices reboot into the BFU state periodically, Google adds an additional layer of defense against post-unlock memory extraction, custom cable exploits, and firmware-level attacks.

While this feature boosts baseline security, users who require maximum protection — such as journalists, activists, or enterprise users with higher risk profiles — are encouraged to take additional measures. These include using long, random passphrases, disabling USB data transfer while locked, and avoiding biometric-only authentication. Privacy-enhancing custom ROMs like GrapheneOS also offer more granular control over hardware peripherals and additional safeguards against physical compromise

Reference

1. https://www.bleepingcomputer.com/news/security/google-adds-android-auto-reboot-to-block-forensic-data-extractions/
2. https://cyberinsider.com/google-adds-auto-restart-to-android-to-block-unauthorized-data-extraction/

Cite this article:

Keerthana S (2025), Google Introduces an Auto-Restart Feature on Android to Prevent Unauthorized Data Extraction, AnaTechMaz, pp.134.