Most android phones have the option to require the user to log into the google account paired with the phone after X failed attempts.

That's quite nice.

Escalating to a stronger password after 5 failed attempts seems like a good measure which would got a long way to nullifying this sort of brute force attack.

How does logging into the Google account work if the phone is in Airplane mode or whatever where there will be no data connection?

The phone does not need to be unlocked to go out of airplane mode.

I think at that point the technical term is that you're screwed.

I'm guessing it must be covered - either it won't escalate to the account login or something similar.

What about two-factor auth?

This is for a smartphone PIN code. Are you suggesting a separate second factor to the physical phone itself?

Personally, I'd like the option to set an unlock pin that's weaker than my disk encryption password, and prompt for my disk encryption password (rather than a Google account) if I fail the pin a couple of times.

And that has been the default on all Android phones I've used so far.

You can also set a proper password on the iPhone (and presumably Android). You should probably have one of these safeguards set up if your phone has unfettered access to your email, social networks, contacts etc.

Yes indeed. And even the pin number can be longer than 4 digits (contrary to the article)