Android’s next FRP update demands a second factory reset to lock out thieves

Smartphones remain prime targets for thieves, and Google’s long-standing Factory Reset Protection (FRP) already tries to turn a stolen handset into a paperweight. Recently, the company outlined a tougher version of FRP that will debut later this year.

Current FRP kicks in when a device is wiped through recovery mode or Google’s Find My Device service. During setup, the phone demands the last Google account or screen-lock credentials; without them, activation stalls. The key that enforces this check lives in secure storage and survives a reset, but attackers have found ways to bypass the setup wizard and regain basic functionality.

Android 15 already closes several loopholes by blocking account creation, screen-lock changes, and app installation when the setup wizard is skirted. The next step goes further: if Android detects an unauthorized reset or a wizard bypass, it will insist on a second factory reset and refuse to boot until the original credentials are entered. A dialog shown during The Android Show: I/O Edition spells it out—failure to authenticate loops the device back to a reset screen, stripping away every feature, even calls.

Google says the hardened FRP will roll out “later this year.” Because stable Android 16 is expected in June and the feature is absent from the latest beta, the upgrade will likely ship in a subsequent Quarterly Platform Release rather than day one.

If the schedule holds, stolen Android phones wiped outside the legitimate settings path will soon be unusable on every level. Owners who recover their devices can still unlock them with the previous passcode or Google account, but anyone else is left with a locked slab and no resale value.