Spyware protection: Apple, Google and WhatsApp security modes explained
Spyware protection guide: Apple’s Lockdown Mode, Google’s Advanced Protection and WhatsApp’s Strict Settings help shield journalists from targeted phone attacks.
Governments and commercial exploit sellers have increasingly targeted journalists, human rights defenders and political dissidents with sophisticated spyware, prompting major tech firms to tighten defenses. The rise in zero-click and clandestine intrusions — attacks that can compromise phones without any user interaction — has put spyware protection squarely in the spotlight. This article explains the protections Apple, Google and WhatsApp now offer, how they work, and when at-risk users should enable them.
Surge in targeted spyware attacks
Early 2025 saw multiple notifications from platform providers to users who had been singled out by surveillance tools, with civil society members and reporters among those affected. Security researchers say these incidents are part of a long-running trend in which state actors and private firms deploy high-cost implants to gain broad access to a target’s device and communications.
Spyware typically captures messages, calls, location, photos and can activate microphones and cameras, allowing operators near-complete visibility into a person’s life. That risk has driven the development of specialized settings and modes designed to reduce attack surfaces and slow or block exploitation attempts.
Apple’s Lockdown Mode and what changes
Apple’s Lockdown Mode is a system-level option that significantly restricts common device features in exchange for increased resistance to targeted exploits. When turned on, the phone limits message attachments and link previews, disallows some web technologies, tightens accessory and network connections, and disables or restricts services that could be abused by attackers.
The trade-offs are tangible: features such as screen sharing, certain web fonts and automatic connections to unsecured Wi‑Fi networks are curtailed, and the device must be unlocked before certain accessories can connect. Apple and independent labs have reported instances where these restrictions have blocked real-world spyware campaigns, making Lockdown Mode a practical tool for those who face heightened risk.
Google’s Advanced Protection across accounts and Android
Google’s Advanced Protection Program for accounts and Android’s Advanced Protection Mode for devices extend similar hardening to the Google ecosystem. The account-level program enforces stricter third-party access rules and stronger sign-in verification, while Android’s device mode adds platform-specific defenses like blocking unknown‑source app installs and enabling hardware protections where supported.
On Android, the mode can trigger protective behaviors such as automatic device locks after suspicious activity, enforced HTTPS for browsing and optional intrusion logging to aid forensic analysis. Both Google programs typically require additional setup, including registered security keys or passkeys, reflecting an assumption that high-risk users are willing to accept some convenience costs for stronger spyware protection.
WhatsApp’s Strict Account Settings for messaging safety
WhatsApp has introduced an opt-in “Strict Account Settings” option aimed at protecting messaging integrity for users targeted through the platform. The feature enables enforced two-step verification, blocks media and attachments from unknown senders, hides profile details from non-contacts, and silences calls from unknown numbers to limit common attack vectors.
Because messaging platforms have been repeatedly exploited in high‑profile intrusions, these controls reduce the likelihood that malicious content or account takeover attempts will reach an at-risk user. WhatsApp’s settings also limit group‑adding privileges and obscure call metadata, further reducing the amount of exploitable information available to attackers.
Weighing trade-offs and when to enable protections
All of these protective modes require a conscious trade-off between convenience and security; some features may prevent routine tasks or disrupt third‑party apps. For users who are frequently targeted — journalists, lawyers, political organizers and human rights workers — the modest inconveniences are widely considered acceptable given the high stakes of an intrusion.
Security experts recommend enabling these modes when there is credible concern of targeted surveillance, and testing them in non‑critical contexts to learn how they affect daily workflows. Because no defense is foolproof, combining platform protections with operational security practices — careful device hygiene, minimal app permissions and regular software updates — yields the best results.
These built-in protections represent the most accessible defenses currently available against sophisticated spyware, but they are part of an ongoing arms race between attackers and defenders. Users should periodically review settings from their device and service providers, enable stronger modes when risk increases, and consult trusted security resources for guidance on recovery and remediation if they suspect a compromise.
