Forgot your Android PIN? Unlock attempts are now strictly limited
Hackers trying to break into your phone might now have a much harder time.

Image by SOPA Images | Getty Images
- Germany’s intelligence services are being considered for expanded powers to actively hack cyber attackers. This would mark a shift from surveillance to offensive cyber operations.
- The proposal reflects growing concern over rising cyber threats targeting Germany and critical infrastructure. Authorities aim to improve deterrence and response capability.
- If approved, spies could gain legal authority to disrupt or infiltrate hostile digital systems. This raises debates about oversight and limits on state hacking powers.
- The change highlights a broader global trend toward more aggressive national cyber strategies. Governments are increasingly treating cyberspace as a domain of active conflict.
Android is tightening phone security in its upcoming Android 17 update by drastically reducing PIN-guessing attempts. What could once stretch into hundreds or even thousands of tries is now far less permissive.
Google’s upcoming Android 17 update is designed to shield users from attacker attempts to guess the phone’s lock screen PIN.
Earlier versions of Android, in some cases, would allow users hundreds of attempts to guess their PIN over days or even years. However, under the new system, repeated failures will result in long lockouts.
According to Mishaal Rahman, Google's Android community engagement manager, Android 17 continues the stricter approach introduced in Android 16 QPR2.
“Android 17 uses stronger default lock screen rate-limiting than previous versions,” he wrote on X.
“Android 16 would allow up to 10 guesses in the first minute, 20 in 6 minutes, 50 in 25 minutes, 110 in 24 hours, and 1800 guesses in 5 years.”
He explains that older versions were also reasonably secure against someone trying to brute-force the PIN on Android devices. However, according to him, in real life, PINs are predictable.
“Attackers can achieve a significant success rate cracking into devices by entering PINs or passwords in order of decreasing frequency, and if they know anything about you (like your birthday), that success rate only increases,” says Rahman.
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
Users will now be limited to 20 incorrect guesses. One more, and the device stops accepting further attempts. However, there is one new alleviation – sometimes legitimate users re-enter the same incorrect PIN or password multiple times, so Android added support for duplicate-guess detection starting in Android 16 QPR2.
“When enabled, users aren't penalized for entering the same incorrect guess multiple times, and these rejections don't increase the incorrect guess count. And the system displays a unique message when a duplicate incorrect guess is entered,” Rahman wrote.
The lock screen also becomes easier to understand during lockouts. For example, instead of reading “Try again in 1800 seconds,” it would read “Try again in 30 minutes.”
The lock screen also shows a recovery shortlink to help users find recovery options on another device.