iOS 26.4: Stolen Device Protection Enabled by Default
Starting with iOS 26.4, Stolen Device Protection will be enabled by default and turned on for all iPhone users.
[…]
Stolen Device Protection requires additional authentication through Face ID or Touch ID to access certain iPhone features like the Passwords app, Lost mode in Find My , Safari purchases, and more. Some features are disabled entirely without authentication, while others have a one-hour security delay.
[…]
Prior to iOS 26.4, Stolen Device Protection had to be enabled manually in the Face ID and Passcode section of the Settings app. There is an option to remove security delays when the iPhone is in a familiar location, which allows full functionality at home but protection when out and about.
Based on the screenshot, it looks like Stolen Device Protection is not actually enabled by default; rather, iOS strongly encourages you to opt in by forcing you to either tap a giant blue Turn On button or some little blue text, which doesn’t even look like a button, that says Not Now.
I plan to opt out because of my prior bad experience with iOS inappropriately locking me out and the familiar location safety feature not working properly. I think it’s more likely to burn me than save me. I might feel differently if I had important passwords in iCloud Keychain. I think I’d rather see an option to require a longer passphrase to unlock Apple’s password manager.
Previously:
- iOS 17.6 and iPadOS 17.6
- Janky Apple ID Security
- Stolen Device Protection in iOS 17.3
- iPhone Thieves Locking Users Out of Their Apple Accounts
- Changing Apple ID Password Using Only a Device and Passcode
- Opting Out of Sharing Siri Audio Recordings
- No Thanks vs. Later
Update (2026-02-19): J. Blake:
I’ve never turned on the advanced protection but after reading your blog, I checked my “Significant Locations” …and they were not.
7 Comments RSS · Twitter · Mastodon
The screenshot also says it's "ready for testing." I'm not sure the screenshot is relevant to the rest of the story, other than being what the enrollment screen looks like or looked like at one time.
All of this would be a complete non-issue if they would just, at least optionally, disable the ability for an iPhone passcode to reset an Apple ID password. For all their supposed security consciousness that is the most ass-backward way to do it.
I completely understand why they do it, it's convenience over security for the millions of people that don't even know what an Apple ID is but know they have to have one or their iPhone won't do anything. So their password manager is to reset the password every single time because they can remember a six digit pin (and dragging them kicking and screaming from four digits was bad enough.)
But they have lockdown mode and advanced data protection mode etc, let people opt out of that and then this won't be a problem.
What annoys me, is that as an iPhone user with iCloud turned off, I can’t enable Stolen Device Protection.
Same for using a Yubikey for 2FA. I bought Yubikeys for my account, but they can’t be used unless you’ve enabled iCloud (this doesn’t appear to be documented anywhere).
@Kevin That’s a good point, although I wonder if Apple would really enable it without confirmation given that doing so could block some users without their even knowing what happened.
My significant locations are fine, home and work, but I also named those locations in Maps, and pinned them, and there on my contact card. Those are the only two locations shown under Recent. There are 110 other "files" but there's no way of checking them.
@ED I did that, too, but my home still doesn’t appear as a significant location. It claims 151 records that I can’t see, but the only two it shows are a gym that I spent two hours at in the last week and huge 4-block circle in town that I guess corresponds to a few minutes spent at a drive-though ATM and a red light.
@Tsai That's disappointing. I should say I'm still on 18.7.3 on a 13 Pro that can do 26, so this is the beta from just before when they shut that down too.
