Skip navigation
Duo Blog
Admin Login

Categories & Archive

Enhanced Duo instant restore for android
Industry Events
John Bruce

New device? No problem: Enhanced Duo Instant Restore for Android

We’re excited to announce a major update to Instant Restore for Duo Mobile on Android. This update brings multiple improvements which make it easier to move to a new device without losing access to your MFA accounts.

Before we dive into the new feature, let’s quickly review how Instant Restore worked on Android prior to this update. When backing up both Duo and third-party accounts, the steps to start backing up are:

  1. Enable Instant Restore in Duo Mobile’s settings

  2. Select a Google Drive account for storing backups

  3. Enable the toggle to automatically reconnect third-party accounts

  4. Create and confirm a password for encrypting your third-party secrets

When restoring from a Google Drive backup, the steps are:

  1. Select the Google Drive account your backup is stored in

  2. Open Duo Mobile on your old device and generate a QR code

  3. Scan the QR code from your new device

  4. Re-enter the password created in step 4 above to reconnect third-party accounts

The new version is simplified to eliminate several points of friction from the old version, namely:

  • Your old device is no longer required to reactivate Duo accounts

  • No QR code to scan on your old phone when reactivating Duo accounts

  • No password to remember when reconnecting third-party accounts

Since there are less requirements to restore your Duo accounts, this will help Duo Mobile users resume authenticating more seamlessly without requiring support from their Duo administrator.

Google System Backup

The new update integrates with Google’s system backup functionality built into Android. The new version of Instant Restore will be used when Duo Mobile detects Google backup is enabled and a passcode is set on the device. Once these conditions are met, Duo Mobile will create end-to-end encrypted backups of all Duo accounts which are eligible for Instant Restore as a part of your Google backup. This backup will also include third-party accounts when the third-party reconnect toggle is enabled in Duo Mobile’s settings.

Duo auto restore settings

Since the backup is end-to-end encrypted, no one else can read the backup without your device passcode, and there’s no need to remember a special password when restoring third-party accounts! Android schedules system backups based on several factors like battery level, usage, and network conditions – but in practice this happens every few days. A backup can always be manually triggered in Android settings. See Google’s docs for more info.

Duo backup settings

Restoring accounts

Your old device is no longer needed to reactivate Duo Accounts, since the reactivation secrets are stored in the encrypted backup. When setting up a new Android device, log in to the same Google account, select the cloud backup created by your old device, and enter your old device’s passcode. Android will automatically restore Duo Mobile’s backup. Your accounts will automatically be reactivated on first launch of Duo Mobile, and the corresponding Duo accounts will be deactivated on your old device. As a precaution, we’ll also send a push notification to your old device to make sure this reactivation was performed by you. If you confirm this reactivation was not done by you, then both devices will be deactivated and an email will be sent to your administrator.

Google Drive is still available

The prior version of Instant Restore based on Google Drive is still available and can be used when system backup or a passcode aren't set up on your device. You can also still restore from your Google Drive backup and manually reconnect accounts with the QR code from your old device (for Duo accounts) and a password (for third-party accounts) in case your new device wasn’t set up from your old device’s cloud backup. Making the older version of Instant Restore available as a fallback helps ensure that you won’t be any worse off in case a step was missed using new restore.

Upgrading to the new version

Are you ready to upgrade? Here’s how to do it:

  1. Make sure you have Duo Mobile version 4.83 or higher installed.

  2. Enable Google Backup in Android System Settings. Make sure a backup has run since Duo Mobile was installed.

  3. Enable a pin/pattern/passcode for the lock screen on your device.

  4. Enable third-party account reconnect in Duo Mobile’s instant restore settings.

A couple of things to note:

  • Duo Mobile installs within a Work Profile are not supported, unfortunately.

  • The location of the Google Backup in Android System Settings varies by phone manufacturer. On Pixel devices, navigate to Settings > System > Backup. On Samsung devices, navigate to Settings > Google > Backup.

That’s it! Your next system backup will include encrypted account information from Duo Mobile. As aways, you can see the state of your Duo backup on the Instant Restore screen in Duo Mobile settings.