Google’s upcoming Android 17 improves lock-screen security by making brute-force PIN and password guessing significantly harder. Multiple outlets report that Android 17 introduces a hard cap of 20 failed unlock attempts. After the device reaches this threshold, the phone enters a permanent lockout state, making continued guessing impractical. Compared with the prior system, which reportedly allowed around 1,800 guesses spread over five years, the new limit sharply reduces the number of attempts an attacker can make.
The change also affects how attempts are counted. Android 17 is said to detect and handle repeated incorrect entries of the same PIN more conservatively, so duplicate guesses are not treated as separate attempts. Additional measures include clearer on-screen lockout messaging that shows wait times in more readable terms rather than relying on countdown timers, and a recovery shortcut accessible from the lock screen to help legitimate users regain access.
The update is part of a broader Android 17 security push and is expected to reach supported devices when Android 17 starts rolling out.