Google has quietly rolled out a new Android security feature that automatically reboots phones after three days of being locked, aiming to boost security. However, not everyone’s convinced it’s the right move.

A Silent but Significant Update

The change arrived as part of the mid-April update to Google Play services (version 25.14), listed under “Security & Privacy” in the official Google System Release Notes. The wording is brief but telling: “Enables a future optional security feature, which will automatically restart your device if locked for 3 consecutive days.”

Unlike the usual Android announcements, this one slipped in without much fanfare, i.e. with no flashy blog post or developer breakdown, just a line buried in a list of updates across devices from phones to TVs.

However, despite the quiet rollout, this appears to be a major shift in how Android handles device security, particularly for phones that may be lost, stolen, or seized.

Why Reboot After 3 Days? It’s All About Encryption and Access

The main reason for this new Android feature comes down to how data is encrypted, and when it’s most vulnerable.

When a phone has been rebooted and hasn’t yet been unlocked by its owner, it’s in what’s called the “Before First Unlock” (BFU) state. In this state, the most sensitive data on the device is fully encrypted and essentially out of reach, even for sophisticated forensic tools. However, as soon as a phone is unlocked, it enters what’s called the “After First Unlock” (AFU) state, where some decrypted data is held in memory to speed up performance and access.

It’s this that creates a window of vulnerability. For example, tools like Cellebrite and Magnet Forensics (often used by police or investigators) can take advantage of the AFU state to extract certain types of data, especially if the phone hasn’t been rebooted in several days. Security experts have long warned of this window/gap. For example, as cryptography professor Matthew Green of Johns Hopkins University put it when Apple introduced a similar feature last year: “If an attacker can keep your phone from rebooting, they can keep it in the vulnerable AFU state forever”.

Therefore, by automatically forcing a reboot after three days of lock-screen inactivity, Android ensures that any phone left unused will revert back to the much more secure BFU state. In effect, it closes the window of opportunity for anyone trying to get into a device without the owner’s passcode.

This appears to be the real driver behind the change, i.e. it’s not really about convenience or performance but rather it’s a deliberate step to reduce the chances of successful forensic data extraction, no matter who’s trying to get in.

Copying Apple’s Playbook?

As highlighted in the previous section, it should be noted that Apple implemented a similar feature last year, and some industry watchers see Google’s move as a belated but necessary catch-up.

With Android following suit in this way, it now seems that both major mobile platforms are adding time-based layers of protection to address real-world forensic threats.

Why Now?

Quite simply, Android following Apple’s lead could be seen as a response to growing forensic capabilities, i.e. the tools used by law enforcement and private analysts are becoming more adept at extracting data from unlocked phones.

What Does This Mean for Everyday Users?

For the average user, this change may go completely unnoticed, unless they’ve left their phone off or untouched for more than 72 hours. Then, they might return to find it’s unexpectedly rebooted and asking for a passcode, rather than accepting biometric logins.

That could be a mild nuisance, especially for business users who:

– Travel frequently and may leave a work phone powered off.

– Use backup phones or devices in rotation.

– Depend on biometric-only login (e.g. fingerprint or face unlock).

For these users, an unexpected reboot could mean delays in access, lost background data (e.g., unsaved files or chats), or even missed updates.

However, for companies handling sensitive data (e.g., law firms, healthcare providers, or cybersecurity outfits), this forced reboot adds another layer of protection, especially if a phone is stolen or misplaced.

Opt-In or Automatic?

One murky area is whether this reboot behaviour is mandatory or optional. In the release notes, Google refers to it as an “optional” feature. However, there’s no toggle visible yet in standard Android settings menus, and no guidance has been published on how users or admins can enable or disable it.

This apparent lack of clarity appears to have already drawn some criticism. For example, as highlighted on social media by tech privacy advocate Jake Williams, founder of Rendition Infosec: “Security through forced behaviour is only helpful if users understand it. Right now, there’s no visibility, no toggle, and no documentation. That’s not great.”

IT administrators managing fleets of Android devices through enterprise tools like Android Enterprise or Mobile Device Management (MDM) platforms are keen to know whether they’ll be able to manage this setting centrally and how this will interact with other enforced device policies.

Could It Disrupt Background Processes or Device Monitoring?

Another concern is how this auto-reboot might affect background tasks on enterprise phones. Some businesses use Android phones for unattended applications, like mobile monitoring, warehouse inventory, or transport tracking. For example, if a logistics firm has Android tablets locked in driver dashboards running 24/7, a forced reboot could temporarily interrupt GPS tracking or routing apps. If no one is around to unlock the rebooted device, it could remain offline.

These kinds of cases may not affect most consumers, but for business users relying on always-on systems, any unexpected restart appears to carry operational risk.

A Shift Toward Default Security Layers

While the auto-reboot change is just one line in a long list of system updates, it appears to be part of a continued evolution in Google’s security approach, one that leans more on automatic, default protections rather than user-controlled ones.

Alongside this feature, the April update also includes improvements to:

– Play Protect (Google’s built-in malware scanning tool).

– On-device location history settings (updated UI and controls).

– Device transfer and setup utilities (simplified for new phones).

It seems, therefore, that the goal appears to be to make Android safer out of the box, without requiring users to understand the details. That said, this approach could backfire if users feel blindsided or if critical details (like the three-day countdown) aren’t communicated clearly.

So far, Google hasn’t published any official blog post or help page detailing how this new auto-reboot works, why it’s been added, or how to manage it. Even the support site refers to it only briefly in system release notes, with no accompanying explanation.

That silence may fuel further criticism, especially in markets where trust in big tech is already fragile.

What Does This Mean For Your Business?

For such a low-key rollout, this new Android feature could have some wide-reaching consequences, both positive and problematic. At its core, the automatic reboot after three days of lock-screen inactivity is a serious move to bolster data protection. This reflects a growing recognition across the tech industry that data at rest (especially in the wrong state) can be dangerously vulnerable. For many users, especially those unaware of how phone encryption works, this update will simply run quietly in the background, but the shift it represents is anything but silent.

From a security perspective, this is clearly a step in the right direction. For businesses handling sensitive information, e.g. legal, financial, or healthcare providers, this automatic return to the most secure encryption state could offer an added layer of peace of mind. For example, a misplaced work phone left in the back of a taxi, or a stolen device locked in a drawer, now has a stronger line of defence by default. For UK businesses, particularly SMEs with fewer internal IT resources, this type of automatic protection may also help close security gaps that might otherwise go unaddressed.

However, Google’s quiet handling of the feature’s rollout has left some questions unanswered. For example, there’s no clear documentation, no toggle in user settings, and apparently no way (yet) for IT administrators to manage the setting across devices. This lack of transparency may create confusion for both individual users and enterprise teams, particularly if it disrupts business-critical processes running on unattended or semi-automated Android devices. For industries that rely on always-on tablets or mobile data terminals, the risk of unexpected downtime or access issues can’t really be ignored.

The fact that this is likely a response to increasingly powerful forensic tools also raises broader questions around user privacy and platform responsibility. Android’s decision mirrors Apple’s earlier move, but the timing and quiet delivery suggest a reactive rather than proactive approach. It may well strengthen security, but it also highlights how quickly threat landscapes can change, and how reliant users are on the decisions made behind the scenes by platform providers.

For now, the feature adds to a wider trend in Android development, i.e. automatic, behind-the-scenes protections designed to make devices safer out of the box, but as ever, the balance between security, usability, and transparency remains delicate. Whether this change becomes a quiet triumph or a point of friction will largely depend on how Google chooses to communicate it going forward, and how well it listens to the concerns of users, developers, and the businesses that rely on its platform every day.

Infamous internet forum 4chan has suffered a major breach, leaking its internal systems, moderator identities, and possibly thousands of user IP addresses, fuelling speculation that this could mark the beginning of the end for the notorious platform.

What Is 4chan And Why Does It Matter?

Founded in 2003, 4chan is an anonymous imageboard often described as a digital Wild West. Users can post without usernames, and content is loosely moderated. While it’s credited with spawning viral memes like Pepe the Frog and rage comics, it’s also been home to some of the web’s darkest corners, from coordinated harassment campaigns to the early spread of far-right conspiracies.

The forum’s politics board has become notorious for radicalising users, some of whom have gone on to commit acts of real-world violence. It’s also where movements like QAnon first gained momentum. Despite being largely shunned by advertisers and mainstream platforms, 4chan remains a highly influential space where internet culture, politics, and trolling collide.

A Major Breach With Far-Reaching Impacts

This week, that chaotic ecosystem was rocked by a hack that insiders say may have been in motion for more than a year. The attack revealed source code, backend templates, moderator tools, and internal databases. Personal data linked to moderators and subscribers was also reportedly exposed, including names, emails, and in some cases IP addresses.

The site was intermittently offline for hours following the breach, with parts of the homepage reportedly defaced and inactive forums mysteriously reinstated. According to public posts by those claiming responsibility, the hack was less about ransom and more about revenge, i.e. an internal feud turned hostile.

One detail fuelling concern is that among the leaked email addresses were several ending in .gov and .edu, which suggests that users tied to government or academic institutions could now be vulnerable to doxxing or blackmail. The risk isn’t just reputational. Depending on how this data is used, it could lead to real-world consequences.

How Did It Happen?

While the full technical picture is still emerging, early reports appear to suggest 4chan had been operating on outdated, insecure software, including an obsolete version of PHP and deprecated methods for database access. If true, this combination likely left doors wide open for a patient and persistent attacker to get in, remain undetected, and eventually extract vast amounts of data.

In cyber terms, this is less of a smash-and-grab and more of a long con and, if a rival forum is to be believed, the intruders used their access to not only leak sensitive information but also revive banned boards and taunt current site administrators.

The Fallout So Far

Internally, 4chan is facing questions it may not be able to answer. For example, its reliance on pseudonymous volunteers, the informal way in which moderation is run, and its almost total lack of public accountability now seem like liabilities rather than strengths.

Externally, the consequences could actually be severe. For example, leaked identities could put moderators at personal risk, especially given 4chan’s history of revenge campaigns and vigilantism. There’s also now a renewed debate over whether parts of the site have effectively been functioning as havens for extremist content under the guise of free speech.

For some long-time observers, this incident could mark a turning point. Without a clear governance structure or commercial backing, the site’s ability to rebuild trust (or even operate securely) looks increasingly doubtful.

Could This Really Be the End of 4chan?

It’s too early to say for sure, but the signs are worrying. Between the reputational damage, the threat to key personnel, and a user base now questioning whether their own data might be at risk, 4chan’s foundations appear shakier than ever.

That said, the site has weathered controversy before, e.g. from the Gamergate harassment campaign to repeated calls for shutdown. However, for many, this time feels different. Unlike previous scandals, which typically involved offensive content or rogue users, this is a structural crisis, and it cuts to the core of who runs the site, how secure it is, and whether it can even survive without turning on itself.

What Does This Mean For Your Business?

If your company operates any kind of community platform, forum, or subscription-based service, this breach could be seen as a wake-up call. For example, it highlights the dangers of outdated code, minimal oversight, and neglecting basic security hygiene, especially when managing anonymous users or sensitive content.

More broadly, the 4chan hack serves as a reminder that digital subcultures can have very real business and societal impacts. It seems that what begins as online trolling can really escalate into public backlash, reputational crises, or even legal scrutiny.

For firms working in cybersecurity, law enforcement, or digital risk management, this incident essentially highlights the importance of monitoring fringe spaces. In short, today’s niche forum may be tomorrow’s national headline, and as this breach shows, even the most apparently chaotic platforms aren’t immune to internal implosion.

Malicious bots now account for 37 per cent of all internet traffic, according to cybersecurity firm Imperva’s 2025 Bad Bot Report, with AI playing a central role in their rapid evolution.

For the first time in a decade, automated traffic (51 per cent) has overtaken human activity online. The rise of accessible AI tools has not only made bots more evasive and effective but also lowered the barrier for low-skilled attackers to launch simple, high-volume attacks.

Imperva warns that bots are increasingly targeting APIs, with 44 per cent of advanced bot traffic now focused on exploiting business logic. These bots scrape data, commit payment fraud, and hijack accounts, often bypassing detection by mimicking human users and leveraging residential proxies, browser spoofing, and CAPTCHA-solving AI.

Tools like ByteSpider (responsible for 54 per cent of AI-powered bot attacks), AppleBot (26 per cent), and ClaudeBot (13 per cent) are being spoofed to launch attacks. Meanwhile, account takeover (ATO) attacks have surged by 54 per cent since 2022, hitting sectors like financial services and telecoms hardest.

Imperva says businesses must urgently adapt by deploying advanced bot detection, securing APIs, applying rate limits, and monitoring for suspicious behaviour. With AI fuelling both the volume and sophistication of attacks, staying ahead requires constant vigilance and smarter defences.

In a UK first, energy giant RWE has successfully trialled bubble curtain technology at its Sofia Offshore Wind Farm to protect marine life from the noise generated during offshore wind construction.

A Breakthrough for British Waters

This kind of system, already in use across parts of Europe, is designed to dramatically reduce the impact of underwater noise during piling, i.e. the process of driving huge steel foundations into the seabed.

RWE and Hydrotechnik Offshore

RWE, one of Europe’s largest renewable energy firms, is leading the project. With decades of experience in power generation, the company has increasingly focused on sustainability and innovation within its global offshore wind portfolio.

At Sofia, RWE has partnered with Hydrotechnik Offshore, a noise mitigation expert known for its proven track record on bubble curtain systems. The offshore wind farm where the bubble curtain technology has been trialled by this partnership is Sofia, a 1.4GW project currently being built on Dogger Bank, some 195 kilometres off England’s north-east coast.

In a Special Area of Conservation

The RWE / Hydrotechnik Offshore collaboration marks a major leap in environmental responsibility, particularly in a zone as sensitive as the Southern North Sea Special Area of Conservation (SAC), where noise regulations are tightly controlled due to the presence of harbour porpoises.

Matthew Swanwick, RWE’s Sofia Project Director, described the trial as “a strengthening of our commitment to environmental responsibility,” adding that such technologies make it possible to develop offshore wind “with minimal impact on marine life.”

How the Bubble Curtain Works

As unusual as it sounds, a bubble curtain deployed in this way can actually be a precisely engineered solution. The curtain has been created in this case by laying a perforated hose in a ring (around 180 metres in diameter) on the seabed around the monopile installation site. When compressed air is pumped through the hose, this is what creates the dense column of rising bubbles that forms a barrier (kind of curtain of bubbles) in the water column.

How The Bubbles Stop Noise

The bubble curtain at the Sofia Offshore Wind Farm is intended to be used to protect marine life from the noise created during offshore wind construction. The bubbles reduce this noise by breaking up and slowing down the transmission of low-frequency sound waves that travel through the water during pile driving. The aim of reducing the underwater noise levels in this way is to minimise the kind of noises that are known to disorientate or harm marine mammals such as whales, dolphins and harbour porpoises.

For example, animals like the harbour porpoise rely heavily on ultrasound for navigation and hunting. Intense man-made noise can interfere with these natural systems, causing stress, behavioural changes, or even driving them away from their habitat. The bubble curtain helps to prevent that.

Why It’s Needed Now

The need for such measures has become more urgent as offshore wind scales up. Construction activities (especially piling) can generate underwater noise levels exceeding 200 decibels. Without proper mitigation, this can seriously disrupt sensitive marine ecosystems.

Also, with the Sofia project being built inside a designated SAC, the use of noise abatement technology was not just a preference, but a necessity. This is because the area is protected under EU conservation rules, and UK regulations also require developers to assess and mitigate environmental impact, especially to protected species.

It’s also worth noting here that public and regulatory scrutiny of offshore developments has increased in recent years, particularly as the UK ramps up its transition to net zero. It’s hoped, therefore, that innovative technology like this can help pre-empt opposition and reassure stakeholders that wind energy can expand without sacrificing ecological wellbeing.

Sofia and Sustainability

The bubble curtain isn’t the only sustainability win at the Sofia Offshore Wind Farm. For example, the £3 billion project is also packed with many other green firsts, including:

– Half of its 100 Siemens Gamesa 14MW turbines will use recyclable blades, which is the highest percentage seen in any major wind project to date.

– The project is deploying two world-first service operation vessels powered by methanol and batteries, slashing up to 10,000 tonnes of CO₂ emissions annually.

– RWE is also backing marine conservation initiatives, including a £25,000 donation to North Sea Conservation, which supports the Whitby Lobster Hatchery, and funding for Clean Planet UK to tackle ‘ghost fishing’ gear in UK waters. Ghost fishing gear includes lost/discarded lines, nets, traps etc.

This suite of sustainability actions looks like placing Sofia at the forefront of responsible offshore development.

How It’s Going So Far

It’s worth noting that the project is still under construction, with piling for the turbine foundations getting underway earlier this year. Offshore installations have been led by Van Oord’s jack-up vessel Aeolus, and by March, more than 60 foundations were already in place. The first turbine was installed soon after using Cadeler’s new Wind Peak vessel.

Bubble Curtain Results Promising

According to RWE, the bubble curtain was trialled during these early phases and delivered a notable reduction in underwater noise propagation, though specific decibel reductions have yet to be made public. However, Swanwick has confirmed that “initial results have been promising” and hinted that the technology may now become standard on future UK projects where marine biodiversity is at risk.

Globally, the system has already shown its worth. For example, it was previously deployed at Vattenfall’s DanTysk project in Germany back in 2013, and more recently at EnBW’s He Dreiht wind farm and the Vineyard Wind 1 project off the US coast. In each case, the bubble curtain has helped balance construction progress with environmental stewardship.

Why It Matters for the Industry

The successful UK deployment of bubble curtain technology is more than a scientific milestone because going forward, it could also change how offshore wind is built.

As construction ramps up on the UK seabed, with gigawatt-scale projects now the norm, concerns over marine impact have been growing. Developers are under pressure to deliver green energy without greenwashing. Technologies like the bubble curtain, therefore, offer a credible, science-based way to address these challenges.

It may also offer some commercial advantages. For example, projects that demonstrate strong environmental credentials are increasingly likely to win regulatory favour, attract funding, and maintain public support. That means early adopters like RWE may now be well-positioned to lead the next wave of sustainable infrastructure.

For the UK, which is targeting 50GW of offshore wind capacity by 2030, the lessons from Sofia could ripple far beyond Dogger Bank.

What Does This Mean For Your Organisation?

The deployment of bubble curtain technology at Sofia shows how sustainability and large-scale infrastructure can go hand in hand. By trialling and proving the effectiveness of this system in UK waters, RWE may have opened the door for wider adoption, not only in future offshore wind developments but potentially in other marine-based construction projects too.

For UK businesses involved in renewable energy, marine engineering, and environmental consultancy, this could be significant. For example, it shows that meeting environmental obligations doesn’t have to slow progress, and it can actually support it. As the offshore wind sector grows, demand for noise mitigation solutions and other responsible construction practices is likely to grow with it. This could create fresh opportunities for companies offering related services, equipment, and expertise.

At the same time, regulators and policymakers will, no doubt, be watching closely. The Sofia project could serve as a valuable case study in how early investment in environmental technology can reduce risks and build stakeholder trust. It also adds weight to the argument that the UK can lead not just in offshore wind capacity, but in how that capacity is delivered safely, sustainably, and in harmony with nature.

For conservation groups, the positive early results from Sofia may offer a note of cautious optimism. While challenges remain, this trial proves that mitigation efforts can be meaningful and measurable. For the public, whose support underpins the clean energy transition, it may help reinforce the idea that green energy doesn’t have to come at the cost of local ecosystems.

What’s happening at Dogger Bank is really a testbed for the kind of innovation that could define the next chapter of the UK’s net zero journey where sustainability is no longer a bolt-on, but a central part of how we build the future.

If you have something newsworthy to say then getting the right PR contacts to wire out your story has never been easier! This video shows how to compile a list of PR contacts automatically, thereby saving you significant time and hassle.

[Note – To Watch This Video without glitches/interruptions, It may be best to download it first]

Think your antivirus is enough? If your browser isn’t secure, your data, and even your logins, could be at risk. Luckily, tightening things up takes just a few minutes. Here’s how:

How to lock things down (Chrome example):

– Click the three dots in the top right, then go to Settings.
– Select Privacy and Security.
– Turn on Enhanced Protection under Safe Browsing — this gives you faster, smarter protection from phishing, dodgy sites, and harmful downloads.
– Go to Cookies and other site data, and choose Block third-party cookies for more private browsing.
– Scroll to Site Settings, then:
– Block pop-ups (unless you really need them).
– Disable camera and microphone access unless needed.
– Check permissions for location, notifications, and clipboard, and switch off anything that looks unnecessary.

Bonus steps:

– Install a reputable ad blocker (e.g. AdGuard – there are many others).
– Use a password manager instead of letting your browser save logins.
– Make sure automatic updates are enabled so you’re always running the latest security fixes.

Pro-Tip: These steps apply to most major browsers – Firefox, Edge and Brave all have similar privacy and security menus. Just search for Privacy settings in their menus and follow the same logic.