The first developer beta of iOS 26.4 is rolling out, and with it, Apple is flipping a major security switch for buyers. A security feature that was previously optional is now enabled by default for everyone, making it harder for thieves to change your iPhone’s critical settings.
We’re talking about Stolen Device Protection (first released with iOS 17.3), the feature that is designed to protect your Apple ID, saved passwords, payment methods, and other sensitive information, even if someone knows your iPhone’s passcode.
Changing critical security settings requires more than just a passcode
The feature asks for more credentials than your iPhone’s passcode (such as Face ID or Touch ID) for actions like viewing or using passwords or passkeys saved in iCloud, viewing an existing Apple card or applying for a new one, turning off the Lost Mode, and erasing all the content and settings.
Further, the feature also delays changing critical security settings, such as the Apple ID password, adding or removing trusted devices, changing the iPhone’s passcode, and adding/removing Face ID or Touch ID, for an hour.
It also requires biometric authentication, followed by a one-hour security delay and a second biometric confirmation before changes can be made.
Why this matters
Basically, by enabling Stolen Device Protection in iOS 26.4, Apple is making it harder for bad actors to exploit the critical information stored on your phone or to reset it and sell it for quick cash.
In other words, your iPhone will be more paranoid than usual, even when you’re using it, but it is better to have the feature and not need it than to need it and realize that you didn’t turn it on (which is the entire point of making it a non-optional feature).
Elsewhere, the iOS 26.4 developer beta also includes encrypted RCS messaging support, native video support in Apple Podcasts, and a new Playlist Playground feature in Apple Music. A full public release of iOS 26.4 is expected this spring.
