Your iPhone Just Got a Stealthy Security Upgrade – Here’s What You Need to Know
Apple recently dropped the first iOS 26.4 beta, and while Siri fans might be disappointed by the absence of her long-awaited makeover, this update packs a serious security punch. Two major upgrades, in particular, deserve your attention: enhanced RCS messaging and a game-changer for stolen device protection.
This edition of 9to5Mac Security Bite, proudly presented by Mosyle, dives deep into these critical updates. Mosyle, the only Apple Unified Platform (https://mosyle.net/87PQ), specializes in making Apple devices enterprise-ready. Their integrated approach combines cutting-edge security solutions like automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with a powerful Apple MDM. Trusted by over 45,000 organizations, Mosyle ensures millions of Apple devices are work-ready, effortlessly and affordably. Request your EXTENDED TRIAL (https://mosyle.net/87PQ) today and experience the Mosyle difference.
RCS Gets a Security Boost (But There’s a Catch)
Remember back in March 2025 (feels like ages ago in tech time!) when Apple announced its push for end-to-end encryption (E2EE) in RCS messaging? Well, after a year of radio silence, iOS 26.4 beta finally delivers a glimpse of this much-anticipated feature.
RCS, introduced in iOS 18 beta 2, aimed to bridge the messaging gap between iPhone and Android users, offering features like read receipts, typing indicators, and improved media sharing. But here’s where it gets controversial: RCS itself doesn’t inherently include E2EE. Google’s Messages app, a popular RCS client, offers E2EE between Android devices, leading to a common misconception. When an iPhone uses RCS to communicate with an Android device, messages are only encrypted during transmission (think TLS). This protects against basic interception but doesn’t prevent access on the server side. True E2EE, like iMessage between Apple devices, ensures only the sender and recipient can read the content.
iOS 26.4 beta 1 allows users to test E2EE for RCS, but it’s not a universal solution. Not all carriers and devices support it yet. You’ll know it’s active when the message thread is labeled “Encrypted.” Interestingly, existing threads don’t seem to switch to E2EE; it appears to only apply to newly created conversations.
Stolen iPhone? Apple’s Got Your Back (Finally!)
iPhone thefts are unfortunately common, especially in certain regions. Apple’s Stolen Device Protection, now enabled by default in iOS 26.4, addresses a critical vulnerability exposed by Joanna Stern’s Wall Street Journal investigation. Thieves often steal iPhones, observe the passcode, change the Apple ID password, disable Find My iPhone, and gain access to sensitive accounts through saved passwords.
Stolen Device Protection tackles this head-on. It requires Face ID or Touch ID (no passcode fallback) to change crucial security settings like Apple ID passwords or device passcodes. And this is the part most people miss: it also introduces a one-hour security delay before these changes can be made, giving victims precious time to mark their iPhone as lost and remotely wipe it. This delay can be set to activate “Always” or only “Away from Familiar Locations.”
What’s Your Take?
These iOS 26.4 security upgrades are significant steps forward. But are they enough? Do you think E2EE for RCS should be the default for all messages? Is the one-hour delay for Stolen Device Protection sufficient, or should Apple consider longer intervals? Let us know your thoughts in the comments below!
Stay Secure with 9to5Mac Security Bite
Follow Arin on Twitter/X (http://twitter.com/arinwaichulis), LinkedIn (http://www.linkedin.com/in/arinw), and Threads (http://threads.net/arinwaichulis) for more Apple security insights. Subscribe to the 9to5Mac Security Bite podcast (https://9to5mac.com/guides/security-bite-podcast/) for biweekly deep dives into the latest Apple security news and expert interviews:
- Apple Podcasts (https://podcasts.apple.com/us/podcast/security-bite/id1869497526)
- Spotify (https://open.spotify.com/show/3uASDWEDSHcpBufyqvN1Yd)
- Overcast
- Pocket Casts (https://pca.st/podcast/429e7ab0-d737-013e-7c78-02d8c28b0a65)
- RSS Feed (https://feedpress.me/securitybite)
FTC Disclaimer: We use income-earning auto-affiliate links. More details: (https://9to5mac.com/about/#affiliate)
