The company didn’t provide the exact reasons behind this innovation, but, apparently, it makes it more difficult for cyber forensic tools to extract data from devices.
It should be noted that back in January 2024, developers of the privacy- and security-focused GrapheneOS recommended adding an automatic restart feature to Android to make it harder to exploit certain firmware vulnerabilities in devices such as Google Pixel and Samsung Galaxy. According to experts, forensic specialists use these vulnerabilities to extract information from devices.
The new auto-restart feature was introduced in the latest Google Play services update (25.14) in the Security & Privacy section.
“[The update] enables a future optional security feature, which will automatically restart your device if locked for 3 consecutive days,” – Google.
The point is that an automatic restart switches the device from the After First Unlock (AFU) state (user data are unencrypted and available for extraction) to the Before First Unlock (BFU) state (most user data remain encrypted and inaccessible until the device is first unlocked).
Stolen devices and those seized by law enforcement authorities are usually in the AFU state; as a result, experts can retrieve at least some data even from locked devices.
In January 2024, GrapheneOS developers recommended adding an auto-restart mechanism to Android devices that would reboot them after 18 hours of inactivity and return them to the BFU state. Now Google is actually implementing such a feature, although the inactivity period is 72 hours instead of 18 hours.
It’s worth recalling that, last year, cyber forensic experts were surprised by the strange behavior of iPhone devices that restarted by themselves if not connected to a cellular network for some time. Later, it was confirmed that Apple developers had introduced a protective auto-restart feature in iOS 18.1.