Android phones will soon reboot themselves after sitting unused for three days
253 comments
·April 19, 2025greatgib
rvnx
Interestingly, it could also be seen the other way around; it's a potential way for Google to force deployments of system updates (potentially at the request of law enforcement). With an automatic reboot, then the update can automatically be applied without user action.
kokada
This makes no sense, Android already will reboot itself after receiving an update and being inactive for a while (generally while charging it will install the update in its secondary partition, do some verification checks and reboot if there is no user interaction).
kqr
This sounds vendor-specific and not general for Android. I've never had that happen on any device but Windows and I would be very upset if it did happen.
rixed
Except that on most phone you can already reboot the device if you long-press some button, can't you?
BurningFrog
You can always turn it off and on, AFAIK.
rtpg
At least on iOS an update requires an explicit unlock, is this not the case on Android?
There could be secret pathways but I don’t know them.
VWWHFSfQ
It's already trivial to reboot a locked android phone
dheera
They should really implement a dual user / dual password system to combat those countries.
If you enter password 1 it goes into your normal account, if you enter password 2 it goes into another user account with a burner environment where you can install a few token commonly used apps for plausible deniability.
The existence of password 2 should be optional and you should not be able to tell if the system has one or two passwords configured.
dataflow
> install a few token commonly used apps for plausible deniability
It's gonna be seen as pretty implausible when you don't have constant & recent messages with your loved ones in there.
mystified5016
This is the real reason
markus_zhang
I actually think this is the reason. But I think Android has an option to disable auto update?
oarsinsync
> in a lot of shitty countries, even some pretending to be democratics, not disclosing or at least inputting your password might be a crime severely punished. If I'm not wrong, there was a guy that had to stay years in jail until he would comply with the judge order to unlock his device.
This sounds a lot like the Regulation of Investigatory Powers Act 2000 in the United Kingdom, where several people have been prosecuted and imprisoned for failing to provide encryption keys.
joak
It's good to be able to disable this option: I use old Android phones as servers and don't want them to reboot every 3 days.
MattSayar
Completely agree, I don't want this to disrupt the Bop Spotter
yellowapple
Probably a good time as any to replace it with something purpose-built anyway. A Raspberry Pi with a directional microphone and a custom app feeding said microphone data to a service like AudD or ACRCloud could readily do the trick without any of Android's extra baggage - though I do wonder how effective those services would be at detecting songs amid a bunch of background noise like Bop Spotter does via Shazam.
lostlogin
Thanks for this.
blackoil
Don't think old Androids will get this update.
Lammy
Why so dismissive of how somebody wants to re-use an old phone that you would compare them to the absurd fictitious behavior in that comic? Would you rather they become e-waste? If it fits their needs then it fits their needs regardless of the use-case that was marketed.
xethos
It's a Google Play Services update, likely explicitly to be able to push it to all (Google-using) Android phones immediately, without waiting for OS updates. This will not be a "Guess I'll get it in a few years" update.
TulliusCicero
Eventually, the android phones of today will be old android phones.
MiddleEndian
I generally like XKCD but dislike the message in this comic. If that's that guy's workflow, they don't have to actively support it, but he should be given the option to disable updates so he can continue to use his tools in the way he sees fit.
SXX
This is super annoying on newer iOS for device that I use purely for development. Before it was possible just keep iPhone unlocked indefenitely, but now it reboots and boom I have to use TouchID again.
This is again Apple being Apple making things harder without option to disable it even when development mode is on.
Has anyone found a way to bypass it?
crazysim
Do you think it's possible to jiggle it ala mouse jigglers and USB jigglers?
SXX
Problem is not user activity - it just needs PIN, TouchID or FaceID. Even if you logged to device via iPhone Mirroring it's still gonna reboot, get locked after 72 hours and for me personally it breaks iPhone Mirroring half of the time too.
One physical option to bypass it on iPhone SE is to actually physically activate PIN entry and then use Voice Control command to enter the pin since it works even before first unlock. Though this is basically compromises pin and device encryption. But it's cheap since there are plenty of $2 devices that can simulate touchscreen clicks.
I just want some easier option that works and not require agent 007 setup to just run a buld of my AI-generated crap via Xcode.
layer8
> I have to use TouchID again.
Don’t set it up with a passcode in the first place?
SXX
Unfortunately I use Advanced Data Protection on my Apple account so I kind a need that passcode. And moving to having completely different Apple account for development is PITA.
saagarjha
Keep an app running?
SXX
Might be I did something wrong, but even with YouTube video running via iPhone Mirroring device still went to reboot.
null
nativeit
Considering this is all about Android adopting a very similar feature, it doesn’t sound like “Apple being Apple”…
Mountain_Skies
It's Apple being a trailblazer and leading the industry. Sometimes that lead is in a bad direction.
ololobus
I can only second this. I have an old iPhone with a second sim-card, because I need it from time to time. And Apple introduced this auto-reboot a bit earlier, iirc last year. The problem is that after rebooting it also disconnects from wifi, so e.g. SMS/handoff synchronization stops working until you enter a passcode. This is very annoying because it was very convenient for me to receive calls/SMS to my main iPhone.
It’s a good and reasonable feature, especially if for some reason you are afraid of state or security agencies in a place where you live, or maybe during travel. It’s still questionable, because in some states you can indeed go to jail if you don’t unlock. Yet, I really want to be able to turn it off for use-cases like mine.
Talanes
>It’s still questionable, because in some states you can indeed go to jail if you don’t unlock. Yet, I really want to be able to turn it off for use-cases like mine.
Even if the end result is the same, anything that forces authorities to use official power over informal power is a net win.
sneak
Apple doesn’t like supporting the use case of multiple phones for one person. They even encourage their employees to use their personal devices and accounts.
Spooky23
That is very reasonable advice for the vast majority of people.
I have to have 3 devices: mine, work and a shared one for travel that crosses customs boundaries. It’s a massive pain in the ass.
kwanbix
I don't get the difference. Today after 72 hours (3 days) my phone asks me for my password and won't accept biometrics. Also, this is a problem for all the people that use them as alarm clocks. I use Alarm Clock Xtreme for example.
xrisk
(At least on iOS) shutting down the phone has something to do with wiping credentials/keys from RAM from where they can potentially be dumped. A just-booted phone is fully encrypted with no keys in memory.
krisoft
> Also, this is a problem for all the people that use them as alarm clocks.
Yes. But quite honestly the right solution for that would be Apple providing an alarm clock API. The alarm clock application could call it with the next scheduled alarm’s time and the os would just wake up at that time and let the application do the sound / alarm thing.
h4x0rr
The phone doesn't accept biometrics but is still in AFU state. Encryption keys are in memory.
null
gcanyon
For this use case there needs to be a reasonably quick way to erase/permanently lock a phone. Or maybe it needs to be something that is both 1. Less severe than that 2. Secure against personal inducements 3. More automatic.
So maybe something like a paired app with a friend/someone who is beyond the reach of the authorities, and if the phone isn't unlocked in a given definable period (or it can be triggered immediately), it then can't be unlocked without that person's active cooperation.
That's off the top of my head, so I'm sure there are optimizations.
dsr_
GrapheneOS offers hardening before first unlock, and an optional distress code that wipes the storage rather than unlocking.
Currently only available for Pixel phones, 6 and later. Offers many other security-related features.
dominojab
[dead]
hypeatei
You might get even more charges for doing that, though. Destroying evidence, obstruction or some made up charge.
gcanyon
Sure, I'm just saying there's a way to put unlocking the phone in the hands of someone who at least is not under the control of a hostile authority.
LWIRVoltage
A Veracrypt style hidden OS profile that is forensically invisible would be a better option - This would allow one to enter a password and give another "profile" or OS- that unlike current alternate profile stuff- would be solid against Cellebrite and GreyKey snooping into the device, and it'd be impossible to tell there was a hidden user/etc on it
NekkoDroid
This just gave me an idea: How about the phone accepting 2 password. One is the regular password and brings you into your regular account and then a dummy password that brings you into a dummy (but somewhat plausible, maybe user set up) account. That way you can still enter your normal account whenever you feel like it and if you are being pressured you just put in your "alternative password" and it just brings you to the dummy account.
greatgib
It would be a kind of duress password.
But the problem is that when authority wants you to unlock your device, they kind of already know why, what they are expected to find but they would that as a more complete proof. But from external input they would expect some downloaded files or accounts (like social accounts you were connected with your phone a minute ago), some SMS they saw passing, some call logs, so connection to your known accounts...
exe34
you'll get rubber hosed just in case.
null
jfkimmes
This is a Google Play Services update. For GrapheneOS users without GApps wondering: A similar feature is already built-in: https://grapheneos.org/features#auto-reboot
morpheuskafka
That’s weird. I wouldn’t expect Play Services to handle a system function like rebooting unrelated to any Google services.
ffpip
Play services is how Google delivers many Android updates now so that all users can get security updates without waiting for the device vendor to publish it for each device.
Freak_NL
Heh, my first thought was “Don't they do this already?”, but apparently GrapheneOS was ahead of the curve there. Nice.
illiac786
Still ahead of the curve, as it can be disabled on grapheneOS while it apparently won’t bee possible in Android ;)
hackernewds
How would an OS taking over your hardware would be ahead of the curve or nice?
throwaway314155
Because it's an effective tactic against exploits that can't survive a reboot, which is somewhat common from my understanding. The idea being that police can confiscate your phone and just keep it on and charged until they can buy or develop an exploit targeting your current device and software.
I was admittedly confused about this distinction at one point too. It's a trade-off (although few people effected by this own phones with truly free, user-respecting soft/hardware in the first place).
kernal
> GrapheneOS was ahead of the curve there
Not really. Samsung was the first with this, but their reasoning had absolutely nothing to do with security. It was because their phones slowed down over time and their solution was to give users the option to reboot it at specific intervals. You could even make the argument that the Samsung solution is still the superior solution because you get to set the interval.
amelius
Huh, I have GrapheneOS and I never noticed it rebooting. (And when i manually reboot, the "BIOS" prevents it from booting without acknowledging that I'm aware it's a non-Google OS, so how does it work?)
daneel_w
The feature is not enabled by default. Also, the boot doesn't wait for you indefinitely - it just gives you a few seconds to glance the checksum and halt it, before it proceeds automatically.
edent
You don't have to acknowledge anything. The boot screen shows a warning which you can interrupt. If you don't do anything it'll continue to load as normal.
NotPractical
Typical lazy Ars reporting. The feature originates from GrapheneOS, not iOS.
kernal
No, the feature first appeared on Samsung phones to fix their bloat / slowdown issues. Now it’s suddenly a security feature.
ignoramous
> This is a Google Play Services update
As the GrapheneOS docs note, the feature is better implemented in init and not in system server or the app/services layer like Google has done here? Though, I am sure Google engs know a thing or two about working around limitations that GrapheneOS developers may have hit (in keeping the timer going even after a soft reboot, where it is just the system server, and the rest of the userspace that depends on it, that's restarted).
sva_
Samsung has also had this feature for ages.
null
Suppafly
Mine randomly reboots semi-periodically already, even when it hasn't been shown as having downloaded an update.
That said, I think this is a fairly good idea, although with the encryption stuff they do, this will cause people who rarely use their phones to miss calls and alarms.
morpheuskafka
It would be easy to store alarms in an unencrypted partition or even EEPROM as they take no space. Calls is a harder problem, although in principle if the SIM doesn’t have a PIN, you should have everything you need.
udev4096
They stole the idea from GrapheneOS and shipped a barely half-baked version with hardcoded time. GrapheneOS has configurable time for it since years
iancarroll
I would guess the more likely inspiration would be Apple recently adding this to iOS, if GrapheneOS had it for years and they didn’t add it...
surajrmal
As the article alludes to, Apple recently shipped the same policy to iOS so this is likely just following the precedent from them. Android developers don't pay attention to community forks.
throawayonthe
[dead]
lysace
I'd claim that Microsoft pioneered this time limit security concept with Windows 95 almost 30 years ago.
They went with 2^32-1 milliseconds or about 49.7 days.
We don't talk enough about Microsoft's strong legacy of security innovations, IMHO.
yalok
I’m not sure it was because they cared about security - looks more like accounting for 32-bit timestamp rollover would be very disruptive to the huge (legacy) code base and it was a quick fix to work around the problem :)
philistine
I'm pretty sure you're joking. Windows 95 crashed if you sneezed in its general direction, I'm pretty sure it would blue screen due to some edge case well before 49 days of runtime.
Dwedit
To this day, some programs malfunction after 2^31 milliseconds have passed since bootup, which is the halfway point. Milliseconds since bootup has just become negative, and has not rolled over yet. Just having a negative number of milliseconds is enough to mess with those programs.
mcraiha
Can you set the time to one minute?
OneDeuxTriSeiGo
Graphene's autoreboot has 12 different options (excluding disabling it) ranging from 72 hours down to 10 minutes and the timer is reset each time the device is unlocked. Tbh I think a 1 minute setting would actually be nice (for things like when you are going through customs, etc) but I get why they don't provide it.
devrandoom
Not against it, but I'm genuinely curious what the use case would be for that?
amelius
I guess as a prank, just like setting the language to Chinese for English speakers.
67593874748
Could be useful in a scenario where you won't be using your phone often and really want to maximize battery life.
udev4096
No, that is unrealistic. Please stop trolling
II2II
How so?
The system only reboots once it has been locked for a particular duration. Setting it to 1 minute basically says: put the system into a more secure state (e.g. purge unencrypted memory) and ensure that it is ready to go when I next need it. That said, while it is not unrealistic it would be problematic since accidentally letting the phone lock (e.g. input timeout) would result in a time consuming reboot.
ThePowerOfFuet
Why would you want it to auto-reboot after one minute?
The minimum on GrapheneOS is 10 min and the maximum is 72 hours. It can also be disabled.
gumbojuice
It's not great news for my old phone used for wifi at our guesthouse (let's a few security cams and our smart lock get online)
rixed
Same here, using several old androids as hotspots here and there. They stopped receiving updates long ago though, so I'm not worried.
clort
Its not an OS update, its a Google Play Services update .. so if they still apply you would get it
I found it strange that things like 'prettier settings screens' and 'improved connection with cars and watches' would be included in Google Play Services. Surely those things are part of the OS not part of a thing which helps you access the Play store?
I've been using a LineageOS (prev. Cyanogenmod) phone for years and have never installed any google stuff so I don't get these updates anyway.
aftbit
They've been moving more and more into Google Play Services because:
1. It's deployed to all devices and not subject to manufacturer approval for updates
2. It's easier to update without requiring user interaction or approval
3. It's closed source unlike Android so changes can't be incorporated by competitors
Rebelgecko
Its an anti fragmentation measure
1832
Also bad news for my megayacht (use's an old android phone to monitor location and detect movement)
wizzwizz4
You should be able to switch this off, if you notice it being enabled, so (now you know about it) it should be a one-time downtime.
devrandoom
I skimmed through the docs, couldn't see anything about soaking disabling it.
wizzwizz4
It's right there in the Google System Release Notes. Quoting https://support.google.com/product-documentation/answer/1434... :
---
### Google Play services v25.14 (2025-04-14)
#### Security & Privacy
• [Phone] Enables a future optional security feature, which will automatically restart your device if locked for 3 consecutive days.
pengaru
I used to do something similar for the security cams at my desert property.
Picked up a gl.inet x300b off ebay and never looked back.
LinuxBender
Not bad. If I could make a feature request it would be something like, After 3 days of being idle:
- [ ] Reboot
- [ ] Power Off
- [X] WIPE triple opt-in
Maybe there is a custom phone OS for this that makes the phone act more ephemeral and network boot off my self hosted iPXE/immich server? A dumb smart phone so to speak. An ephemeral diskless phone.
al_borland
A wipe seems extreme. An unexpected trip to the hospital could leave someone with a wiped phone when they come to.
criddell
If that’s something you are worried about, don’t choose that option.
Krasnol
Is there a person on this planet where an unexpected hospital visit could not happen?
LinuxBender
Someone may want that behavior if they were intentionally injured and kept from their phone for 3 days. The perpetrators will eventually get past the hospital security. Contents should be backed up in a safe place either way, possibly in a place that someone that cares about them may access it.
dist-epoch
The WIPE is doable with a custom "management app", which has the permission to wipe the phone. Maybe such a thing already exists.
kccqzy
A long long time ago, adding Gmail to your phone via the Exchange protocol over m.google.com gives Google the ability to wipe your phone remotely, including iPhones as well. No management profile needed.
hnburnsy
So the phone will reboot it self, but...
1) There is no developer accessible API to allow app developers to create an app to allow me to script power options (example, as an end user I want to script a restart or shut down my phone nightly).
2) Asking Google Assistant will not restart or shut down the phone.
3) Apple and Android have made it harder to shut down the phone, requiring double key press kung fu to even bring up the power menu.
vishnuharidas
I found that this saves a lot of battery. My old Motorola G5G is now sitting idle, and I had to charge it every 4-5 days. I found that if the phone is restarted and NOT unlocked, it will stay charged for more than 10 days. My best guess is that a screen unlock is required to start many of the OS-level services, which takes up all the battery.
If this is true, then the new update will save a lot of battery for those phones that are sitting idle.
chowells
Everything except a very minimal core is kept on an encrypted partition. Until the password is provided, most things can't launch.
emrah
A phone sitting idle is very unusual though, a very edge case
kshacker
I have 3 phones, for various reasons. Not SIMs, but 3 devices. The usage is radically different between them. 2 of them are used daily but even there one routinely runs out of battery and other does not dip below 80%. The third one gets used when it gets used :)
graypegg
> ...the new Play Services will limit that exposure to three days, even if it's plugged in.
This will be fun to track down after a long weekend in embedded devices once this android patch number is old enough to be baked into crappy payment terminals and mall kiosks.
Probably overall a good thing though.
tripdout
I don't think those would be likely to have Play Services, though.
erelong
sounds good as opt-in configurable feature, but like it could have unforeseen consequences if forced on all users?
FeistySkink
How is this going to work with SIM cards that need a PIN? I'll be just unreachable until I notice the reboot?
myself248
Or if you're primarily reachable by an app that can't launch until AFU, the phone reboots silently and you don't realize it, and you're incommunicado.
Some time later, you need to do something on the phone, you unlock it, the app starts up, and a flood of messages pours in. Wow, some of those would've been really useful to receive in a timely fashion! Whoops!
switch007
Locking the SIM is considered part of the feature on GrapheneOS AIUI
fguerraz
How about instead of patching up our societies with technology we vote for the right people / laws for once?
homebrewer
This won't help those of us living in countries where "elected" officials elect themselves. We haven't had a single honest election in decades (and probably won't ever have one), so measures like this are better than nothing.
beeflet
That plan, if implemented, may last as short as 1 election cycle. All political progress will inevitably be undone.
In contrast, technological change will forever alter the balance of power. What we should be asking is "Instead of patching society with political solutions, how about we solve fundamental problems permanently with technology?".
dagmx
Does passing laws against a crime/overreach completely stop it happening?
scarface_74
You don’t vote for the police or the three letter agencies and elected officials have little power over people with guns. Yes I know both on the the state level the police are suppose to be under the command of the civil government. But no elected official wants to get on the wrong side of the police unions.
Besides most people support the police no matter what. Police know not to abuse their powers against Whites.
https://www.blackenterprise.com/white-protesters-form-human-...
recursive
How about both?
tehjoker
If you vote for the wrong people (i.e. people that want a more humane society), the billionaires will simply coup the government. Remember: they own the things that keep society running, so they have real power. We run the things that they own, so we also have power when combined together.
teddyh
This feudal system is too oppressive! Let’s put a good king on the throne!
bigyabai
The "right people" aren't represented by either side of America's bipartisan system. Good luck with your mass popular movement.
It's good to have an option like that, even being a default, but there definitively need a switch to disable that if it is your own will.
It's not even necessarily that good enough against cops, because in a lot of shitty countries, even some pretending to be democratics, not disclosing or at least inputting your password might be a crime severely punished. If I'm not wrong, there was a guy that had to stay years in jail until he would comply with the judge order to unlock his device.