Google has announced a major expansion of Android’s theft protection tools, rolling out stronger authentication, tougher brute-force defenses, and enhanced recovery options across Android 16 and beyond.
The update makes it significantly harder for thieves to bypass screen locks or misuse sensitive apps, while also giving legitimate users more reliable ways to secure and recover stolen devices.
The most immediate change is the Failed Authentication Lock, which now comes with a dedicated toggle in Android 16’s security settings. This feature automatically locks the screen after repeated failed attempts in apps or settings, complementing existing protections like Theft Detection Lock and Offline Device Lock.
Secondly, Google has increased lockout times after failed PIN, pattern, or password attempts, making brute-force guessing far less effective. Importantly, identical incorrect guesses no longer count toward the retry limit, reducing the risk of accidental lockouts caused by children or repeated taps.
According to Google, this change makes brute-force protection “roughly an order of magnitude stronger” than before. For example, an attacker now gets only seven guesses in 15 minutes instead of 36, with delays escalating quickly.
Another key upgrade is the expansion of Identity Check. On Android 16+, biometric verification is now required across all apps using the Android Biometric Prompt, including Google Password Manager and third-party banking apps. This ensures sensitive actions outside trusted locations are protected by fingerprint or facial recognition, raising the bar for attackers.
Recovery tools have also been strengthened. On Android 10+, users can now set an optional security question at android.com/lock before remotely locking a lost or stolen device. This step ensures only the rightful owner can initiate a lock, adding another safeguard to the recovery process.
Meanwhile, in Brazil, Google has gone further by enabling Theft Detection Lock and Remote Lock by default on new Android devices, reflecting the country’s high smartphone theft rates.
These updates build on Google’s broader push to make Android devices less appealing to thieves, a strategy similar to Apple’s long-standing anti-theft ecosystem.
While iPhones have historically been prime targets due to resale value, premium Android devices like the Pro-level Pixels and Samsung foldables are increasingly attractive. By tightening authentication and recovery flows, Google is aiming to close that gap and reassure users that their devices are secure even in high-risk environments.
The practical takeaway is clear: update to Android 16 when available, enable theft protection features in settings, and set up recovery options proactively. These steps ensure maximum protection against theft and misuse.
