
Android 17 makes it harder for a brute-force attack to successfully break into your phone

With this change for certain Android phones, even brute-force Cellebrite machines will be severely limited.

They don't call it a lock screen for nothing. Google, back in May, said that it would be making it harder for bad actors to bypass the lock screen in order to break into an Android-powered smartphone. It all comes down to reducing the number of guesses that a person gets to type in for your passcode before barbed wire comes out of the phone casing and severely damages their hands and fingers.

Google sharply reduces the chances a thief has to break into your phone


No, I'm just kidding, of course. Android has a time-based lockout system and there are no barbed wire flesh-cutting booby traps for those trying to break into an Android handset. With Android 16, you are allowed to make as many as 10 attempts to type in the correct PIN in the first minute, 20 tries in the first six minutes, 50 attempts in 25 minutes, 110 guesses over a 24-hour period, and 1,800 tries over five years.


Android 17 makes it harder for someone to take a guess at your PIN by reducing the number of chances to six in the first minute, seven in the first six minutes, eight within 25 minutes, 12 over 24 hours, and only 19 over five years. After only 20 incorrect attempts at typing in the PIN, the phone is locked down. Even a brute-force tool like a Cellebrite machine is going to have a hard time cracking the code with so few guesses allowed.


We would imagine that the running total of guesses is reset after each correct entry that results in the unlocking of the device. After all, who would buy a phone knowing that they had only 20 opportunities to unlock their Android handset for the entire lifetime of the device?

Mishaal Rahman, who works in Community Engagement for Android, posted a tweet in which he states that Android 17 makes it harder for thieves to break into your phone and steal your data. This was accomplished by significantly reducing the number of times the PIN could be guessed while extending the time between each attempt.

Google made this change all because of the numbers


The reason for the change comes down to the numbers. Under the old system, attackers could work through the passcodes that phone owners most commonly use. If someone knows your birthday or other important dates in your life, the odds of that person breaking into your phone are higher. Those odds are even higher if the attacker has 1,800 chances to guess the right passcode within five years.

Giving someone so many opportunities over five years improves the chances that they can break the code. Even with one million possible combinations for a six-digit PIN, an attacker who whittles down the candidates by knowing important dates in the potential victim's life, and who has so many opportunities to guess, has a chance of unlocking your device.

Google even added a fail-safe in case you accidentally type an incorrect PIN multiple times


If you're running Android 17 on your Android phone, you also have duplicate guess detection. With this feature, incorrect PIN attempts are stored in memory, and if you accidentally type in the same incorrect PIN again, it won't count toward one of your attempts. This is important considering that it now takes only 20 incorrect attempts to get locked out of your Android phone.

Why you should always use a six-digit PIN instead of a four-digit PIN


In other words, the duplicate guess detection feature is for those who had the wrong PIN typed in by mistake. This could happen when the device owner typed the numbers too fast, got distracted, or couldn't stop their annoying sibling from grabbing the phone and typing in the same wrong code multiple times.

When you set up your Android phone, you are asked whether you want to use a four-digit PIN or a six-digit PIN. You should always go with the six-digit option and here's why. With a four-digit PIN, there are only 10,000 possible combinations. But if you add two more digits and make it a six-digit PIN, there are suddenly one million possible combinations.
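The attempt limits, duplicate guess detection and the four-digit versus six-digit comparison described above can be put into one small model. This is an added example, not Android's code: the class and function names are hypothetical, the PIN is constructed, elapsed time is assumed to run from the first wrong guess, and the reset on a correct entry is the assumption the article itself makes.

```python
from fractions import Fraction

MIN, DAY = 60, 86_400
YEAR = 365 * DAY
# (window in seconds, cumulative wrong guesses allowed), figures as quoted in the article
ANDROID_16 = [(MIN, 10), (6 * MIN, 20), (25 * MIN, 50), (DAY, 110), (5 * YEAR, 1800)]
ANDROID_17 = [(MIN, 6), (6 * MIN, 7), (25 * MIN, 8), (DAY, 12), (5 * YEAR, 19)]

def guesses_allowed(schedule, elapsed):
    """Cap on counted wrong guesses `elapsed` seconds after the first one."""
    for window, cap in schedule:
        if elapsed <= window:
            return cap
    return schedule[-1][1]  # assumption: no further guesses past the last window

def hit_probability(schedule, elapsed, digits):
    """Chance that distinct guesses find a uniformly random PIN within `elapsed`."""
    return min(Fraction(1), Fraction(guesses_allowed(schedule, elapsed), 10 ** digits))

class LockScreenModel:
    """Toy model; real devices do not keep the PIN in a readable field like this."""
    def __init__(self, schedule, pin):
        self.schedule, self.pin = schedule, pin
        self.counted = 0          # wrong guesses charged against the budget
        self.seen_wrong = set()   # duplicate guess detection

    def attempt(self, guess, elapsed):
        if self.counted >= guesses_allowed(self.schedule, elapsed):
            return "throttled"    # budget spent: even the right PIN must wait
        if guess == self.pin:
            # assumption (the article only speculates): success resets the count
            self.counted, self.seen_wrong = 0, set()
            return "unlocked"
        if guess in self.seen_wrong:
            return "duplicate"    # a repeated wrong PIN is not charged
        self.seen_wrong.add(guess)
        self.counted += 1
        return "wrong"

def demo():
    phone = LockScreenModel(ANDROID_17, pin="482915")  # constructed PIN
    guesses = ["000000", "000000", "111111", "123456", "654321", "010190", "999999", "222222"]
    return [phone.attempt(g, elapsed=30) for g in guesses]

if __name__ == "__main__":
    print(demo())
    for name, sched in (("Android 16", ANDROID_16), ("Android 17", ANDROID_17)):
        for digits in (4, 6):
            print(name, digits, "digits:", float(hit_probability(sched, 5 * YEAR, digits)))
```

With the five-year budgets, a uniformly random four-digit PIN falls to distinct guessing 18% of the time under the Android 16 figures and 0.19% under the Android 17 figures; the six-digit values are 100 times smaller in each case.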