Google Introduces Stronger Theft Protections in Android

Google announced that they're bolstering Android's pre-existing theft protection features with security improvements and more granular control.

In Android 15, failed authentication lock was added which locks the screen after too many failed attempts at authentication, such as your phone's password prompt. Now you'll be able to toggle this feature on and off.

Identity Check prevents you from performing certain sensitive actions without authenticating with biometrics first, ensuring a thief can't simply watch you type your password in and then steal your phone and take over your accounts and data. The feature now covers all actions that use the Biometric Prompt, so your third-party banking apps that use the native biometric authentication will be protected.

With this safeguard, PIN or password can't be used as a substitute for biometrics. You can set a Trusted place where the protection won't be enabled for convenience.

Google is also increasing the lockout time after failed attempts so thieves can't brute force weak passwords as easily. At the same time, identical guesses won't count toward your retry attempts anymore, so if a child or an annoying friend tries to lock you out it's less likely to happen.

Remote Lock allows you to lock your device remotely from any browser with just your phone number, crucial after a theft since every second the phone remains unlocked is time they have access to your data. Google is adding an optional security question to this feature so only you are able to remotely lock your device.

Defaults are important, so Google is now enabling Theft Detection Lock, a feature that uses AI and the sensors in the phone to detect when it thinks a thief has stolen it out of your hands and locks the scree, and Remote Lock by default in Brazil. Hopefully more countries get these features on by default because they're genuinely really useful.

These changes join the previous suite of anti-theft features released all the way back in 2024.

Factory reset protection stops others from being able to use your device if they erase it and try to set it up as their own.

Private Space lets you set up a separate area to store sensitive apps and data with its own separate PIN from your main authentication method, in case your phone is stolen and the thief knows your phone's PIN.

Offline Device Lock locks your device shorty after it goes offline, something a thief may do to try and stop Find My Device from locating it or letting your lock it via Remote Lock.

I wish Apple would copy some of these for iOS, they have some of the same features but not full feature parity with Android here.

The Advanced Protection setting in Android enables a lot of great security protections including some of the anti-theft ones. There's a few features that I feel should be part of the theft protection umbrella though and not locked behind Advanced Protection.

For example, Inactivity Reboot, which automatically restarts your device after 72 hours without being unlocked. When your phone reboots, it enters a more secure mode called "before first unlock" where the passcode hasn't been entered, so the encrypted data is "at rest" and can't be accessed without the passcode. This auto reboot timer not only preserves battery which helps with Find My Device, but it also helps keep anyone with physical access to your phone from exploiting it as easily to get the data on it.

USB Protection is another setting locked to Advanced Protection that disables USB access when the device is locked. Again, this would be very useful against thieves who might try to extract data from the phone.

Overall, it's good to see Google making improvements against one of the most common threats people face, although I'd still like to see a few improvements.