Google has introduced an expanded set of Android security and anti-theft features for devices running Android 16 and later, including a new dedicated toggle for the Failed Authentication Lock that automatically secures a device after repeated failed PIN/pattern/password attempts and increases lockout times to make brute-force access harder, while also expanding Identity Check biometric protections across all apps that use Android’s biometric prompt and enhancing remote recovery tools like Remote Lock with optional security challenges to ensure only the rightful owner can secure a lost or stolen Android device.
Sources
https://9to5google.com/2026/01/27/android-failed-authentication-lock/
https://security.googleblog.com/2026/01/android-theft-protection-feature-updates.html
https://www.androidauthority.com/android-theft-protection-upgrades-3635461/
Key Takeaways
• Android 16 and newer now include a customizable Failed Authentication Lock toggle that locks the device after multiple incorrect unlock attempts and increases the lockout duration to deter unauthorized access.
• Google has expanded the Identity Check feature so that all apps using Android’s biometric prompt — including banking and password management apps — require biometric verification for sensitive actions outside trusted locations.
• Remote Lock tools now include an optional security question to ensure only the device’s owner can trigger a remote lock, and other theft protection features such as Theft Detection Lock may be enabled by default in some regions.
In-Depth
Google’s latest Android security enhancements mark a substantial step in improving device protection against theft and unauthorized access, particularly with the introduction of a dedicated setting for the Failed Authentication Lock. Previously, this feature existed as part of broader theft protection, but users now have direct control to enable or disable the lock that automatically secures a device after repeated incorrect unlock attempts. With this update, devices running Android 16 and above will not only lock after too many wrong PIN, pattern, or password entries, but the system will also ramp up the amount of time a device remains inaccessible, making brute-force guessing significantly less effective. Crucially, identical incorrect guesses will no longer count against the retry limit, reducing the chance of accidental lockouts while still strengthening defenses against malicious access.
In addition to screen-unlock protections, Google has broadened its biometric security with an expanded Identity Check that now applies to all apps using the Android biometric prompt. This means that third-party services such as banking apps, password managers, and other sensitive applications will require biometric verification in situations outside of trusted locations, further securing users’ data and financial information even if a device is lost or stolen.
The update also improves remote recovery options through the Remote Lock feature, which now includes an optional security question or challenge to confirm that only the legitimate owner can issue a remote lock command through a web browser. This adds an important safeguard to the process of securing a lost device. In some markets, features like Theft Detection Lock — which uses on-device AI to detect motions indicative of snatch-and-run thefts — and Remote Lock are now enabled by default, providing out-of-the-box protections.
Taken together, these updates reflect a layered security approach that addresses both physical device theft and unauthorized access to personal information, giving users more control and peace of mind while making Android devices a harder target for criminals.