Apple and Google are significantly bolstering smartphone security with new features designed to thwart increasingly sophisticated theft tactics, including “shoulder surfing” – where thieves observe users entering their passcodes in public places. Apple is rolling out its enhanced “Stolen Device Protection” feature to all users with iOS 26.4, a function previously optional. Simultaneously, Google is deploying AI-powered security upgrades across billions of Android devices.
Enhanced Protection: What’s New
Apple’s new standard protection introduces an additional layer of security when an iPhone is detected in an unfamiliar location, such as away from the user’s home or workplace. The core of this update requires exclusive use of Face ID or Touch ID for critical actions. Even with a known passcode, thieves will be unable to access the most sensitive data.
Specifically protected are:
- Stored passwords in iCloud
- Payment methods saved in Safari
- The ability to disable the “Lost” mode
To further safeguard user data, Apple is implementing a one-hour security delay for key changes. Attempts to modify the Apple ID password or reset Face ID at an unknown location will require biometric authentication, a one-hour waiting period, and subsequent re-verification. This provides the rightful owner with crucial time to lock the device.
Google’s AI-Powered Response for Android
Google is also intensifying its efforts to combat smartphone theft. New, and in some cases AI-driven, features are being introduced to protect billions of Android devices. A central component is an improved theft detection system.
The AI is designed to recognize scenarios where a phone is forcibly snatched and a fleeing motion is detected. In such instances, the device will automatically lock itself immediately. Additional features block access if the smartphone is disconnected from known Wi-Fi networks for an extended period or experiences numerous failed unlock attempts.
Notably, many of these updates are delivered through Google Play Services, extending the new protections to older devices running Android 10 and later. The features are already standard on new devices in some regions.
In the Event of Theft: Crucial Steps to Take
Despite these technological advancements, swift action remains essential in the event of a theft. Users should immediately:
- Locate and lock the device: Utilize “Find My” (Apple) or “Find My Device” (Google) to pinpoint the smartphone’s location and remotely lock it.
- Suspend the SIM card: Contact your mobile carrier immediately or dial the central emergency number 116 116 to prevent unauthorized use and protect two-factor authentication.
- Change passwords: Reset access credentials for email, banking, and social media accounts without delay.
- File a police report: Report the theft to law enforcement, providing the 15-digit IMEI number of your device.
Combating “Shoulder Surfing”
These initiatives directly address the “shoulder surfing” technique. Thieves observe and memorize a user’s passcode in public settings before stealing the device. Previously, possessing the passcode granted criminals full control.
Mandatory biometric authentication in unfamiliar locations disrupts this attack vector. Even with the passcode, a thief will be unable to access valuable digital identities. This protects what is often more valuable than the device itself: personal data.
The trend is clearly toward proactive, automated security systems. With initiatives like the planned digital EU identity wallet, smartphone security will continue to grow in importance. While the technology offered by manufacturers is improving, user awareness remains the most important line of defense.
