Apple to Enable Stolen Device Protection by Default in iOS 26.4

Apple plans to enable Stolen Device Protection by default in the upcoming iOS 26.4 update. This significant security enhancement was initially introduced in early 2024 as an optional security measure for users.

Stolen Device Protection introduces additional security requirements for specific features and actions when an iPhone is in unfamiliar locations (outside of home or work).

Understanding Stolen Device Protection

The primary goal of this feature is to prevent unauthorized access and critical account or device changes by someone who has stolen an iPhone and knows its passcode. It achieves this by mandating heightened authentication in environments not recognized as home or work.

Key Security Measures

The Stolen Device Protection feature incorporates two core security protocols:

• Biometric Authentication for Sensitive Information:
  Accessing stored passwords and credit cards now exclusively requires Face ID or Touch ID biometric authentication. Crucially, there is no passcode alternative or fallback for these actions, making it significantly harder for a thief to access personal financial and account data.

• Security Delay for Critical Account Changes:
  Actions that involve high-level security changes, such as altering an Apple Account password, necessitate a one-hour waiting period. Following this delay, an additional Face ID or Touch ID authentication is required to complete the action, providing an important window for users to detect and respond to potential compromise.

From Optional to Default

Previously, with iOS 17.3, Stolen Device Protection was an opt-in feature, requiring users to manually activate it. With the release of iOS 26.4, it will be automatically enabled for all users by default. While the feature will be universally active, users will still have the flexibility to manually disable it if they wish.