Apple's iOS 26.4 beta introduces two major security upgrades that address long-standing vulnerabilities in messaging and device theft protection. The update finally brings end-to-end encryption to RCS messaging, resolving a critical gap where messages between iPhone and Android users were previously only protected by transport-layer encryption.

RCS support arrived with iOS 18 but lacked the encryption users expected. While Google Messages offered E2EE for Android-to-Android communication, iPhone users sending RCS messages to Android devices had no equivalent protection. The new feature appears in beta as "Encrypted" message threads, though it only works with supported carriers and devices for newly created conversations. Apple's implementation closes a significant privacy gap that left cross-platform messages potentially accessible on servers.

Equally important, Stolen Device Protection now activates by default, addressing the growing threat of iPhone thefts in Europe and elsewhere. The feature requires Face ID or Touch ID authentication for critical security changes and adds a one-hour delay before users can modify Apple ID passwords or device passcodes. This thwarts the common attack where thieves observe passcodes before stealing devices to lock victims out of accounts. The default activation means millions of iPhone users gain immediate protection without manual setup.