In the ever-evolving cybersecurity landscape, Microsoft has introduced various new features in Windows 11 designed to protect users from modern workplace threats. Among such features, Smart App Control (SAC) changes how Windows devices handle, and occasionally block, unwanted or potentially malicious applications.

But what exactly is Smart App Control? How does it work, who benefits most, and are there any caveats? In this story we’ll share some history and explain why SAC has been something of a stealth feature in Windows 11.

What is Smart App Control?

Smart App Control is a security feature in Windows 11 designed to block untrusted or potentially dangerous applications from running on a PC. Built directly into the operating system (through Windows Security), SAC leverages code signing, Microsoft’s intelligence cloud, and artificial intelligence to make real-time decisions about whether an app or application should be allowed to run. Its goal is to minimize the risk that malware, ransomware, and unwanted software could run on users’ systems — with minimal user intervention.

At its heart, Smart App Control is a kind of gatekeeper. When you attempt to run an app, SAC evaluates its trustworthiness. That evaluation is based on numerous criteria: Is the app digitally signed? Is it widely used and recognized as safe by Microsoft’s threat intelligence network? Has it been flagged previously for questionable behavior?

If an app fails one or more such checks and is found suspicious or untrustworthy, SAC blocks its execution, silently preventing a potential security event before it starts.

How does Smart App Control work?

SAC operates using a combination of cloud-based intelligence, local analysis, and digital signatures. Here’s a step-by-step breakdown of how it functions:

• App verification: When a user attempts to launch an application, SAC inspects the file. It first checks if the app is digitally signed by a trusted publisher, an important indicator of legitimacy.
• Cloud intelligence search: SAC then consults Microsoft’s extensive security databases in the cloud. These aggregate threat data from millions of Windows devices worldwide. If the app has been flagged already or is recognized as part of any malware campaign, it is blocked.
• AI-based analysis: For less clear-cut instances, SAC uses AI to evaluate an app’s behavior. That is, it looks for telltale signs of malware or unwanted code. Such a dynamic analysis helps catch emerging threats not yet known to the cloud.

When an app is blocked, the user gets a clear, informative notification. Usually, there’s no way to override SAC’s decision, which puts security ahead of convenience. It also ensures that users will quickly report false positives.

Smart App Control is designed to be simple and automatic. Unlike conventional antivirus or endpoint security, it requires no updates to definitions, nor manual scans. SAC works behind the scenes to block threats in real time. Because it uses both local and cloud-based intelligence, it’s always current.

On the downside, some legitimate apps, especially older or custom business software, may not be digitally signed, resulting in false positives. If SAC decides an app is unsafe, the only way to run the app is to turn SAC off.

Working with Smart App Control

Notably, Smart App Control is enabled by default — but only on “clean installs” of Windows 11 version 22H2 or later. Systems upgraded from older versions of Windows 11 will always show SAC in the “Off” state.

Microsoft made this decision to avoid potential compatibility issues with legacy or line-of-business applications. That means users can’t benefit from SAC unless they have a newer PC or somebody reinstalls Windows 11 from scratch on an older one. (See my Windows clean install tutorial for complete instructions.)

SAC prerequisites

To get granular: SAC requires that the following be present as Windows 11 comes up for the first time:

• Secure Boot, a security feature that allows only trusted, digitally signed software to run as Windows boots up
• A working chain of trust, including current CA-2023 boot certificates in Unified Extensible Firmware Interface (UEFI) and a CA-2023 compliant bootloader

Newer PCs — namely, those built in 2018 or later, with Windows 10 or 11 installed prior to delivery — routinely include UEFI-only boot and support Secure Boot from the get-go. Indeed, Secure Boot was introduced with Windows 8, and the original certificates came along in 2011 (Production PCA 2011, UEFI CA 2011, and KEK CA 2011). They’ve been shipped in firmware ever since.

As long as such machines get updated through Windows Update (or some managed equivalent, such as Microsoft Intune, Windows Autopilot, or Microsoft Configuration Manager), the new certificates and a proper chain of trust should be established on those PCs. (See FAQ: What you need to know about expiring Windows Secure Boot certificates for more information.) All this said, only Windows 11 imposes a working Secure Boot environment as a hard and fast system requirement as of 2021.

In short, Secure Boot and the chain of trust provide the essential foundation for SAC to start with a clean bill of health, security wise, and keep things that way. To learn more about Secure Boot and its various certificates and trappings, consult the Secure Boot and Windows Secure Boot Key Creation and Management Guidance pages on Microsoft Learn.

Modes of operation

SAC has three distinct modes:

• On: SAC actively monitors and blocks untrusted apps.
• Evaluation: SAC quietly observes your usage patterns and system needs before fully activating.
• Off: SAC is disabled and will not intervene.

SAC will normally start in Evaluation mode for up to a month, then turn itself On or Off depending on observed system behavior. Once turned on, SAC cannot be set back into Evaluation mode. Organizations or users who run custom software or specialized workflows should leave SAC in Evaluation mode to ensure that business functions keep working.

To check SAC’s status:

1. Open the Windows Security app.
2. Navigate to App & browser control.
3. Look for the “Smart App Control” section. You’ll see the current status: On, Off, or Evaluation mode, as shown in Figure 1.

Until recently, SAC could not be toggled off and on again — once it was turned off, you had to reinstall or reset Windows 11 to re-enable it. But with the April 2026 Patch Tuesday release of Windows 11 (KB5083769), admins and elevated users can turn SAC on or off as they see fit, as long as the initial setup conditions described above are met.

This toggling capability is a step forward for usability and safety, because it lets users with administrative privileges temporarily disable SAC in order to install, update, or uninstall certain unsigned apps, such as those that rely on Windows Installer Transform (MST) files, and then turn SAC back on immediately.

Note that this feature is being gradually rolled out, so you may not have access to it yet.

Smart App Control compared to other Windows 11 protections

Microsoft has long offered security features like Windows Defender, Controlled Folder Access, and Application Control. SAC differs in its general, automated approach. Rather than relying on static definitions, group policies, or user input, SAC leverages real-time intelligence and AI.

In many ways, SAC takes the best bits of Application Control (previously available through Device Guard and Windows Defender Application Control) and makes them accessible to a wider audience. It also involves little or no manual setup and few, if any, policy issues. Then again, as covered earlier in the story, SAC also functions as a black box: one either lives with its judgments, or does without it.

Real-world impact and industry reception

Feedback from the IT community has been mostly positive. Security researchers note SAC’s ability to block emerging threats before traditional antivirus solutions can respond. But SAC is hardly bullet-proof: a number of studies cite focused exploits or workarounds to bypass or trick SAC. For instance, Elastic Security Labs documented multiple techniques to break SAC in 2021, with follow-ons from Hacker News and TechRadar.

As always, a proactive approach to cybersecurity that includes teaching users to avoid trouble remains a key ingredient in establishing and maintaining a strong security posture.

For end users, SAC’s presence may go largely unnoticed — until, that is, it intercepts a malicious download or prevents installation of a suspicious or malicious program. Or, as the case may sometimes be, when users try to run old, unsigned software that SAC won’t allow.

Tips for IT administrators

For IT professionals considering deploying devices with SAC, certain best practices are worth implementing:

• Test SAC in Evaluation mode before rolling out widely, especially if your organization relies on custom or legacy software, or if anything important is unsigned.
• Educate users about SAC’s presence and purpose so they understand why certain apps may be blocked. Set up a procedure to request support and/or fixes, particularly if important software gets blocked. Possible workarounds include restricted VMs with SAC turned off to run unsigned applications.
• Maintain an up-to-date inventory of critical applications and ensure as many as possible are digitally signed by trusted publishers.
• Monitor Microsoft resources Learn, Support, and Answers forums for SAC updates, compatibility lists, and troubleshooting tips.

The future of Smart App Control

As threats continue to evolve, Microsoft should continue to expand SAC’s capabilities. Undoubtedly it will use more advanced AI models and deeper integration with Windows Defender and Microsoft 365 security. Future updates may introduce more granular controls for enterprise environments, including managed exceptions and better reporting tools.

For now, SAC represents a useful additional tool for Windows security. It’s intended to shift the balance in favor of the good guys in the ongoing war against malware. So far, it’s been a modest step forward. But it’s not unthinkable that SAC could offer more and better protection in upcoming Windows releases.

[Also see: FAQ: What you need to know about expiring Windows Secure Boot certificates]

This article was originally published in September 2025 and updated in June 2026.

CryptoLocker. WannaCry. DarkSide. Conti. MedusaLocker. Qilin. The ransomware threat has exploded over the past decade, and it isn’t going away anytime soon; the news brings constant reports of new waves of this pernicious type of malware washing across the world.

Ransomware gained in popularity in large part because of the immediate financial payoff for attackers: It works by encrypting the files on your hard disk, then demanding that you pay a ransom, frequently in Bitcoin or other cryptocurrency, to decrypt them. Now many ransomware gangs are switching tactics, stealthily infiltrating enterprise systems, collecting sensitive corporate data over time, and later threatening to expose that data if the organization doesn’t pay up.

Nevertheless, individuals and businesses are still at risk from traditional ransomware attacks. In this article, I’ll show you how to keep yourself safe in Windows 11 — and Windows 10 too, for those who haven’t yet moved to Windows 11 — including how to use an anti-ransomware tool built into both versions of Windows.

(Administrators, see “What IT needs to know about ransomware and Windows” at the end of this article.)

This article assumes that you’re already taking the basic precautions against malware in general, including running anti-malware software and never downloading attachments or clicking links in email from unknown senders and suspicious-looking email. Also note that this article has been updated for Windows 11 25H2 and Windows 10 22H2. If you have an earlier Windows release, some things may be different.

Use controlled folder access

Microsoft is concerned enough about ransomware that it built an easy-to-configure anti-ransomware tool directly into Windows 10 and 11. Called controlled folder access, it protects you by letting only safe and fully vetted applications access your files. Unknown applications or known malware threats aren’t allowed through.

By default, the feature is not turned on, so if you want to protect yourself against ransomware, you’ll have to tell it to get to work. And you can customize exactly how it works by adding new applications to its whitelist of programs that can access files, and adding new folders in addition to the ones that it protects by default.

To switch it on, you’ll need to access Windows Security. To get to it in Windows 11, click Start > Settings to open the Settings app, then select Privacy & Security > Windows Security.  

In Windows 10, click Start > Settings to open the Settings app, then select Update & Security > Windows Security.

In Windows Security, select Virus & threat protection. On the screen that appears, scroll down to the “Ransomware protection” section and click Manage ransomware protection. On the next screen, under “Controlled folder access,” toggle the switch to On. You’ll get a prompt asking if you want to make the change. Click Yes.

You shouldn’t leave it at that and feel safe yet, because there’s a chance that you have folders you’d like to protect that the feature ignores. By default, it protects Windows system folders (and folders underneath them) like C:\Users\UserName\Documents, where UserName is your Windows user name. In addition to Documents, Windows system folders include Desktop, Music, Pictures, and Videos.

But all your other folders are fair game for any ransomware that makes its way onto your PC.

To add folders you want protected, click the Protected folders link that appears after you switch on controlled folder access. A prompt appears asking if you want to make the change. Click Yes. Click the Add a protected folder button that is on top of the list of protected folders that appears, then navigate from the screen that appears to the folder you want to protect and click Select Folder.

Continue to add folders in this way. Remember that when you add a folder, all folders underneath it are protected as well.

If you decide at any point to remove a folder, get back to the “Protected folders” screen, click the folder you want to remove, and then click Remove. Note that you won’t be able to remove any of the Windows system folders that are protected when you turn the feature on. You can only remove the ones that you’ve added.

Microsoft determines which applications should be allowed access to protected folders, and unsurprisingly, among them are its own Microsoft Office apps. Microsoft hasn’t published a list of which apps are allowed, though, so consider taking action to let apps you trust access your files.

To do it, go back to the screen where you turned on controlled folder access and click Allow an app through Controlled folder access. A prompt appears asking if you want to make the change. Click Yes. From the screen that appears, click Add an allowed app, navigate to the executable file of the program you want to add, click Open, and then confirm you want to add the file. As with adding folders to the list of protected folders, you can remove the app by getting back to this screen, clicking the application you want to remove, then clicking Remove.

Hint: If you’re not sure where executable files are located for programs you want to add to the allow list, look for the folder name with the program’s name in the “WindowsProgram Files” or “WindowsProgram Files (x86)” folders, then look for an executable file in that folder.

Note: In Windows 11, OneDrive folders are automatically protected by controlled folder access when you turn it on. However, they may not necessarily be protected in Windows 10. In Windows 10, on the “Ransomware protection” page, you’ll be notified in the Ransomware data recovery section whether your OneDrive files are protected. If they’re not protected, click the Set up OneDrive button there.

Back up… but do it properly

The whole point of ransomware is to hold your files hostage until you pay to unlock them. So one of the best protections from ransomware is to back up your files. That way, there’s no need to pay the ransom, because you can easily restore your files from the backup.

It’s a good idea to not just back up to a local drive but additionally use a reputable cloud-based storage and backup service. If you back up to a drive attached to your PC, when your PC gets infected with ransomware, the backup drive will likely be encrypted along with any other disks inside or attached to your PC. Cloud backups are generally less vulnerable but not wholly immune to ransomware attacks.

Make sure that your backup service uses versioning — that is, it keeps not just the current version of each of your files, but previous ones as well. That way, if the most current version of your files gets infected, you can restore from previous versions. Most popular backup and storage services, including Microsoft OneDrive, Google Drive, Carbonite, Dropbox, and many others, use versioning. It’s a good idea to get familiar with the versioning feature of whichever service you use now, so you can easily restore files in a pinch.

Some services, including OneDrive and Google Drive, now offer ransomware detection. Users are notified of suspicious activity and can use the vendors’ tools to remove infected files and restore older versions.

Stay patched

Microsoft regularly releases Windows 10 and Windows 11 security patches, and they’re automatically applied via Windows Update. But if you hear about a ransomware outbreak, you shouldn’t wait for Windows Update to work — you should immediately get the update yourself so that you’re protected as soon as possible. And it’s not just Windows updates you want to get. You also want to make sure Windows Security, Microsoft’s built-in anti-malware tool, has the latest anti-malware definitions.

To do both in Windows 10, go to Settings > Update & Security > Windows Update and click the Check for updates button. In Windows 11, go to Settings > Windows Update and click the Check for updates button. (If updates are already waiting for you, you’ll see them listed instead of the Check for updates button.) If Windows finds updates, it installs them. If it requires a reboot, it will tell you.

You need to worry not just about Windows staying patched, but other software as well. If you use an anti-malware program other than Windows Security, make sure it and its malware definitions are up to date.

And the other software on your PC should be kept up to date as well. So check how each piece of software gets updated and make sure to update each one regularly. For help keeping all your apps up to date, consider setting up an automated tool like Patch My PC Updater or Software Update Monitor (see our tutorial “How to keep your apps up to date in Windows 10 and 11”) — or, if you’re comfortable using the command line, try the WinGet command (see “WinGet: The best way to keep Windows apps updated”).

Disable macros in Microsoft Office

Ransomware can be spread via macros in Office files, so to be safe you should turn them off. Microsoft now disables macros from the internet by default, but that doesn’t necessarily mean that they’re turned off in your version of Office, depending on when you installed it and whether you’ve updated it.

To turn them off, when you’re in an Office application, select File > Options > Trust Center > Trust Center Settings and select either Disable all macros with notification or Disable all macros without notification. If you disable them with notification, when you open the file you’ll get a message warning that the macros were disabled and letting you turn them on. Only turn them on if you’re absolutely sure they’re from a safe, trusted source.

Get ransomware protection and/or mitigation tools

Just about any anti-malware program includes built-in anti-ransomware protections, but there are several programs that promise to specifically target ransomware. Most are paid, but there are also some free options.

Bitdefender offers free decryption tools that can unlock your data if you’ve been attacked by ransomware and it’s being held ransom. They can only decrypt data that’s been encrypted with certain specific pieces or families of ransomware, including REvil/Sodinokibi, DarkSide, MaMoCrypt, WannaRen, and several others. Avast offers its own set of free decryption tools.

What IT needs to know about ransomware and Windows

Many Microsoft 365 and Windows commercial plans, especially at the enterprise level, include ransomware detection and protection tools. Advanced products such as Microsoft Defender XDR are also available under separate licenses.

Even without those tools, there’s plenty that admins can do to protect Windows systems from ransomware. The most obvious: Apply the latest security patches to not just all PCs in an organization, but all servers and any other enterprise-level hardware. Also lock down application permissions, train users to spot phishing attempts, and, of course, securely back up all corporate data.

IT also needs to make sure the notoriously insecure SMB1 Windows networking protocol is disabled in all devices. Multiple ransomware attacks have spread through the 30-year-old protocol; even Microsoft says it should be used by no one, ever.

The good news is that Windows 10 version 1709, released in October 2017, finally did away with SMB1. (It’s not in Windows 11, either.) But that’s only for PCs with clean installs of version 1709 or later. Older PCs that were updated from earlier versions of Windows still have the protocol built in.

The Microsoft support article “Detect, enable and disable SMBv1, SMBv2, and SMBv3 in Windows” offers details about how to turn off the protocol. It recommends killing SMB1 but keeping SMB2 and SMB3 active, and only deactivating them for temporary troubleshooting.

Administrators can use the controlled folder access feature (covered earlier in this article) to stop ransomware from encrypting files and folders of PCs running Windows 11 or Windows 10 version 1709 or later. They can use the Group Policy Management Console, the Windows Security Center, or PowerShell to turn on controlled folder access for users on a network, customize which folders should be protected, and let additional applications access the folders beyond the Microsoft defaults, as detailed  in the Microsoft articles “Enable controlled folder access” and “Customize controlled folder access.”

One potential issue with controlled folder access is that it might block apps that users typically use from accessing folders. So Microsoft recommends using audit mode first, to see what will happen when controlled folder access is turned on. For information about how to do it, go to Microsoft’s “Evaluate exploit protection” documentation.

As noted above, Office macros can spread ransomware. Microsoft is now blocking macros downloaded from the internet by default, but to be safe, IT should use Group Policy to block them. For advice on how to do it, go to the “Block macros from running in Office files from the Internet” section on Microsoft’s “Macros from the internet will be blocked by default in Office” documentation.

This article was originally published in January 2018 and most recently updated in May 2026.

Over the past decade, there’s something I’ve hinted at, mentioned in passing as a part of broader discussions, and told more people than I can count privately via email and other one-on-one conversations.

And now, as the writer of the internet’s longest-standing Android column and newsletter — a fancy way of saying someone who is apparently now old as molasses — I feel like I’d be doing a disservice if I didn’t just come out and say it as prominently and plainly as possible:

There is no valid reason anyone should be buying Motorola Android devices in 2026. None.

It’s a shame, too, ’cause Motorola has a heck of a history within Android and the mobile realm in general. And, to its credit, the company does still make some impressive-looking and at times quite interesting hardware.

But the compromises that come with that package are just too serious and consequential to be forgiven. That’s been the case for some time now, truth be told — but with yet another facepalm-inducing infraction being added onto the list now, it’s time to say it loud and clear:

Please stop buying Motorola Android phones. And please join me in telling everyone you know the same thing. 

Trust me: You’ll be doing them a major favor. And here, with no punches pulled and absolutely no sugarcoating, is exactly why.

[Get level-headed knowledge in your inbox with my free Android Intelligence newsletter — three new things to try every Friday and tons of other tasty treats.]

The Motorola Android compromise: Part I

I won’t beat around the bush: The most pressing reason Motorola Android phones are completely inadvisable to buy is the reason that’s been present for the longest — and that’s the company’s complete and utter disregard for even minimally acceptable post-sales software support.

It’s something I’ve noted in my data-based Android Upgrade Report Cards for more years than I can even remember at this point, and it’s almost comically consistent: Year after year, upgrade cycle after upgrade cycle, Motorola simply does not give a damn about investing the time or the money to bring current Android versions to its existing customers in anything close to a timely manner. Once you’ve forked over your phone and put away your wallet, good luck: You’ll be lucky if you get a single software update from Motorola after that, half a year to a year after the fact — and you almost certainly won’t hear a single peep from the company about the progress (or lack thereof) at any point along the way.

Motorola has managed to score an almost impressive number of back-to-back “F” scores on my annual analyses; no other Android device maker even comes close to that record. And lest you think this is purely about pokiness in providing polish and surface-level progress, remember that practically every Android software update is packed with critically important changes around privacy, security, and performance — and the way apps are able to interact with both your data and your hardware.

Running outdated software isn’t just dangerous — it’s downright irresponsible, especially if you’re a professional using your phone for business purposes but even if you’re just a regular ol’ schmoe focused purely on personal stuff. No one who understands a thing about security would ever recommend that, and that’s exactly what you’re signing up for anytime you buy a Motorola-made device.

So that’s part one, and that’s the biggest problem with Motorola’s Android products. But it isn’t the end of this tale nor the reason I was finally moved to write this missive, with the hopes that it’d eventually reach any Android-interested phone-buyers with Motorola on their minds.

Motorola’s more recent Android offenses

All update-related issues aside, the problem with Motorola’s Android products is that they make all sorts of compromises that are all about lining Motorola’s pockets at the expense of your experience.

The most recent example and the straw that broke the Android columnist’s (increasingly creaky) back is the new discovery that Motorola had seemingly been indirectly hijacking the Amazon app on its devices and sneakily injecting an affiliate code into links. The end result of such actions, according to observations published this week, is generating unearned revenue from your day-to-day purchases.

That’s an underhanded and shady-seeming practice, to say the very least. It just feels icky and ethically reckless. And clearly, what was demonstrated was intended to go unnoticed, which is always a pretty apparent sign in my mind that someone’s doing something shifty.

Following the discovery and subsequent outcry, Moto released a statement saying that the behavior was “unintended” and the result of its partnership with a company called Device Native. According to Moto, it had teamed up with that organization to develop “an app search and suggestion experience for the Moto App Launcher.” You can choose to interpret that how you will, but the reality is that Device Native is a company that exists to inject personalized, native-seeming ads directly into the core Android software experience, as its website plainly establishes — with “no user opt-in required,” allowing for easier “scale” of “monetization globally.”

On some level, at least, Motorola evidently decided to work with this company and integrate its ad technology into the Android experience on its phones. Regardless of whether the Amazon code injection was truly deliberate, which organization caused it to happen, and who was or wasn’t aware of the actions, Motorola opted to place this ad-serving system into the phones it was selling and to allow the company behind it to exert this kind of control over its customers’ experiences — as well as, one would imagine, likely leaning on it for other forms of invasive system-level ad integration.

And sure, maybe Moto will back down from this practice and perhaps even distance itself from the partnership entirely if the outrage grows loud enough. But does someone stopping a shady-seeming practice simply because they got caught and people complained make for the kind of company you want to trust in general?

It’s similar to the way Moto lards up its devices with so much preinstalled bloatware that you actually have to fight to get through it or — Goog forbid — remove it and reclaim the product you paid hundreds of dollars to purchase. Heck, even the company’s top-of-the-line, nearly $2,000 folding Razr Fold phone is guilty of this sin, and that’s just embarrassing for a device of that price and caliber.

Even with Motorola’s lower-level phones, though, we’re talking about devices that often cost $500 or close to that. These aren’t bottom-of-the-barrel, heavily subsidized garbage gadgets. You could get one of Google’s Pixel 10a phones for that same price or often even less — without any of the bloatware, the link-hijacking and potential ad-injecting shenanigans, or the unforgivable software support failures. You’d get a full seven years of guaranteed timely and reliable software updates, from major Android versions to monthly security patches and the quarterly feature drops that accompany those. And that’s to say nothing of the superior camera experience and other assorted advantages.

You could go with one of Samsung’s midrange models, too, imperfect as those are in their own ways, and it’d still be a massive step up from the Motorola madness.

We’ve reached a point where there really is just no comparison — and, again, no reason why anyone should be buying a Motorola phone anymore. The issue, unfortunately, is that most of the people who are buying Moto devices are the same people who aren’t reading columns like these. They’re the people who waltz into a carrier store, see whatever model is featured on the shelf or pushed by a commission-earning, partnership-promoting salesperson, and walk out with whatever caught their eye or had the best promotional pricing on that particular day.

Make no mistake about it: These types of devices give Android a bad name and propagate the myth of the entire platform being a second-rate dumping ground for “folks who can’t afford iPhones.” Android is so much more and so much better than that. You deserve so much better than that.

Plain and simple, this isn’t the Motorola of yesterday. At this point, there’s no excuse — and no reason to keep setting yourself up for failure when so many better options exist.

Say goodbye, Moto. And make sure everyone you know who won’t be reading this column knows why they should do the same.

Get unmatched Android insight in your inbox with my free Android Intelligence newsletter — three new things to try and zero punches pulled every Friday.

Google’s shiny new Android 17 update may be on the brink of making its way out into world, but one of the most consequential Android notification upgrades I’ve seen in ages is actually available for anyone, on any device, this instant.

It’s one of those things you don’t even realize is missing — and awkwardly has been, all this time — until you have it in front of you and see just how helpful and at times even invaluable it is.

And that’s the ability to have any or all of your notifications saved and restored whenever you restart whatever Android device you’re using — so that nothing important gets awkwardly tossed aside, lost, and forgotten, likely without your ever even noticing or being aware of what you’ve missed.

How many potentially important pending alerts have you lost as a result of that reboot trash chute? I couldn’t even begin to count, myself, and am slightly terrified to think of the answer. But with this easy new improvement in place, it’ll never happen again.

And best of all? It’ll take you roughly two minutes, once, to set up and then forget about and just know it’s working on your behalf from that moment forward.

Lemme show ya how.

[Keep the off-the-beaten-path knowledge coming with my free Android Intelligence newsletter — three new things to try every Friday and my Android Notification Power-Pack as a special welcome bonus!]   

Your new Android notification safety net

The secret sauce that makes this sorcery possible comes not from Google itself but from a crafty independent developer who’s been expanding our Android notification smarts for many a moon now.

His app is called BuzzKill. You’ve probably heard me rave about it before, with other noteworthy features and additions it’s introduced over time.

Whether you already have BuzzKill on your device or this is your first time encountering it, though, it’s well worth your while to take note of this new capability that snuck into the app not long ago.

First, a quick primer/refresher on what BuzzKill is, in case you aren’t already familiar: BuzzKill is essentially a way to create Gmail-like filters for your Android notifications. You use it to create simple custom rules for what happens when different types of notifications arrive — in an intuitive “if this, then that”-style form — with all kinds of interesting and advanced options for making your alerts more effective.

The latest addition to the app is an experimental option called, appropriately enough, “Restore after reboot.” And it does exactly what you’d expect: Anytime your device restarts, it automatically swoops in to save any active notifications that fit the parameters you select and then instantly restores ’em back into active status once your phone is back up and running.

Without such a system in place, any notifications that you either hadn’t yet looked at or maybe had glanced at and left pending as a reminder to deal with later would more often than not just vanish entirely — and you’d have no easily visible record of their presence or any real indication that they’d been there at all. That’s a dangerous recipe for forgetting something important, whether it’s an email you intended to engage with, a Slack message you needed to acknowledge, or even a task of some sort that had popped up for you to ponder.

The beauty of the BuzzKill approach to fixing this is that it really is a “set it and forget it” sort of system: You just create whatever rule you want now, get it up and running, and then rest easy knowing it’ll always find and restore any active notifications anytime your device restarts — as Android itself should but for whatever reason does not.

2 minutes to auto-restored Android notifications

All right — here are the specific steps to getting your new notification safety net in place:

• First, go download BuzzKill from the Play Store, if you don’t already have it.
  • The app costs four bucks as a one-time purchase, which — believe me — is nothing compared to the ongoing value it’ll give you with this and its many other notification-enhancing possibilities.
  • It doesn’t require any unusual permissions, doesn’t collect any form of data from your phone, and doesn’t have any manner of access to the internet — meaning it’d have no way of sharing your information even if it wanted to. 
• Once you’ve gone through the app’s initial setup and made your way to its main screen, tap on the circular button in the lower-right corner of the screen to create a new rule.
• On the screen that comes up next, consider which specific sorts of notifications you want to have restored whenever your device restarts.
  • You could always start with any and all notifications and then go back in to refine and limit the rule more once you see how it works. You might eventually want to ask it to avoid restoring alerts from certain low-priority apps — like, say, Google Photos — so that it doesn’t bother bringing back stuff that you don’t actually need.
  • If/when you want to create any such restrictions, tap the text that says “any app” to change which apps will be included and/or tap the text that says “contains anything” if you want to restrict based on what specific text a notification does or doesn’t include.
  • If you don’t want to create any limitations and just want all of your active notifications to be restored, at least to start, leave those lines alone and mosey on down to our next step.

• Tap the line that says “do nothing” and scroll down to find the “Restore after reboot” option. It’ll be toward the bottom of the list, within the “System actions” section.

• Tap that, then tap “Pick action” to confirm.
• And last but not least, tap “Save rule” to, y’know, save your rule and set it into action.

You should then see the rule showing up as active and running on the main BuzzKill screen.

And that really is all there is to it: Whenever your phone next restarts, any notifications that were visible and active at the time of the restart should just show back up via BuzzKill as soon as things boot back up. If you want to get fancy, you could even make certain especially important notifications “sticky” in general, so that if you inadvertently swipe ’em away while your phone is running normally, they’ll automatically come right back even in that scenario.

It’s not the flashiest feature you’ll see this year, and it doesn’t have any whizbang AI shenanigans to make it seem headline-worthy by current-day standards. But it will work and quite possibly be one of the most practical, actually helpful additions you make to your phone all year — even if and arguably especially if you only think about it once in a great while, when you notice it working its magic and saving you from losing something significant.

Discover even more life-enhancing Android treasures with my free Android Intelligence newsletter — three new things to try every Friday and my free Android Notification Power-Pack today.