Google first confirmed that Android 17 would be getting stronger lock screen protections back at Google I/O, but the specifics of those protections haven't been made very clear. Now we know exactly what Google has planned, and it's going to make trying to bypass Android's lockscreen a lot harder for potential snoops.
Mishaal Rahman, who works in Community Engagement for Android, has confirmed these details on X. To be honest, while we expected Google to make significant changes, I'm surprised that things have gone quite this far.
🔒Android 17 makes it harder for thieves to access your data!On supported devices, we've significantly reduced the number of times someone can guess the PIN or password, and added longer wait times between failed attempts.Let's dive deeper into what's changing🧵 pic.twitter.com/aq5GoQrK1WJune 30, 2026
If your phone is running Android 16, you'll be allowed up to 10 PIN guesses in the first minutes, 20 within six minutes, 50 in 25 minutes, 110 over a 24-hour period and 1,800 guesses over five years. Android 17 reduces this significantly, with six guesses in the first minute, which increases to seven in six minutes, eight within 25, 12 over the course of 24 hours and just 19 guesses over the course of five years.
After 20 incorrect guesses, your phone will be locked down. This is not a whole lot of opportunities to guess a four to six-digit passcode, but from a security standpoint, that makes a lot of sense. The fewer guesses potential hackers have, the harder it is for them to successfully access your phone.
Apparently, old limits let hackers take advantage of the fact that people gravitated towards common passcodes, rather than random ones. Should someone know more personal information, such as birthdays or other key dates, then their odds of cracking into your phone are significantly higher. Having several hundred attempts just meant it would be a matter of time before they got in.
There are protections for your own mistakes
Google will be adding duplicate guess detection, starting with the Android 16 QPR2 update. When switched on, this feature stops duplicate guesses from being counted towards your total. In other words, you can type in "1234" as many times as you like, and it will only count as a single incorrect guess. Android will point out that you've been typing in the same wrong PIN as well.
If your passcode actually is 1234, you'd better change that pronto. The only way your phone could be more insecure is if you didn't have a passcode at all.
If you somehow enter 20 incorrect PINs all by yourself, the Android 17 lock screen will feature a recovery shortcut that lets you access different recovery options on a new device. Details on this haven't been specified, but that presumably means you won't be locked out of your phone forever simply because your annoying cousin deliberately entered the wrong passcode several times.
Presumably, the number will also reset every time you correctly enter a passcode. That way, you don't get 20 guesses for the entirety of your phone's lifespan — because that would be plain ridiculous.
Android 17 is available on select devices right now, including Google's Pixel lineup.
More from Tom's Guide
- iOS 27 takes huge leaps with AI, but it's still missing this key feature Android has had for years
- Major security holes in AirDrop and QuickShare put your phone at risk of attack — here's how to protect yourself
- 'Easily the biggest leak in Apple's history': iPhone 18 Pro final design may have just been revealed in a stolen drop test video