Special Phone & App Features Battle Spyware Threat

Sophisticated government-backed spyware is an increasing threat to journalists, human rights defenders, and dissidents globally. In a critical response, tech giants Apple, Google, and Meta have rolled out specialized opt-in features designed to harden devices and accounts against these advanced cyberattacks. These new protections are proving effective in defending users from tools that grant attackers full access to personal data, calls, messages, and even location.

The urgency for such defenses has grown amid a wave of incidents. In early 2025, WhatsApp notified approximately 90 users, many of them journalists across Europe, that they were targeted by Israeli spyware firm Paragon Solutions. Months later, Apple issued threat notifications, with forensic analysis confirming two journalists were hit by Paragon's Graphite spyware through zero-click attacks, requiring no user interaction. These are not isolated events but reflect a documented norm over the past 15 years, where government hackers routinely compromise individuals deemed critical or opposing.

These attacks leverage expensive, stealthy tools to infiltrate smartphones, which contain a vast amount of a person’s daily life data. Spyware operators gain virtually complete access, enabling them to record calls, steal chat messages, access photos, activate cameras and microphones, and track real-time locations. The implications for privacy and personal safety are immense, making robust digital defenses paramount.

In response to this escalating threat, leading technology companies are empowering users with better security. Apple, Google, and Meta now offer specific opt-in features aimed at countering targeted spyware. While these features might limit some regular functionalities, they significantly enhance device and data protection. Experts and security researchers, including TechCrunch, strongly recommend activating these safeguards, especially if you suspect you could be a target of state-sponsored surveillance.

"These features are free, easy to enable, and the best defense we have today against sophisticated spyware," said Runa Sandvik, a security researcher dedicated to protecting at-risk communities. "If the features get in the way of something you need to do, you can easily turn them off again — meaning it costs very little to turn them on and try them out."

No security measure is absolute, as spyware developers constantly evolve their tactics, prompting continuous counter-measures from software makers. However, these features have demonstrated their effectiveness in mitigating the risk.

Apple’s Lockdown Mode

Apple's Lockdown Mode, available across all Apple devices including iPhones, transforms your device into a highly secure state by limiting many standard functions. This trade-off significantly boosts security, with Citizen Lab reporting that Lockdown Mode has successfully thwarted spyware attacks like those using NSO Group’s Pegasus software. Apple has stated it has never detected a successful attack on a device with Lockdown Mode enabled.

Activating Lockdown Mode restricts iMessage attachments (except specific media), blocks links and previews, limits web browsing features in Safari, and blocks incoming FaceTime calls and Apple service invitations from unknown contacts. It also disables Game Center, strips location data from shared photos, removes shared albums, and requires device unlocking for accessory connections. Furthermore, it prevents automatic connections to open Wi-Fi networks, disconnects from non-secure ones, and blocks 2G/3G cellular networks, while also prohibiting configuration profile installations. To enable it, navigate to Settings > Privacy & Security > Lockdown Mode, then restart your device.

Google’s Advanced Protection Program

Launched in 2017, Google's Advanced Protection Program is designed to fortify Google accounts against a wide array of malicious actors. This program significantly enhances account security.

Key features include restricting third-party app access to your Google account, enabling deep Gmail scans for phishing and malicious content, and integrating Google Safe Browsing in Chrome to warn against dangerous sites or downloads. On Android, it limits app installations to legitimate app stores and introduces extra verification steps for account logins. To enroll, visit its official page, log in, and follow prompts to add a physical security key or software passkey, along with recovery options.

Android’s Advanced Protection Mode

Inspired by Apple's initiative and introduced last year, Android's Advanced Protection Mode brings similar device-level defenses to Google's mobile operating system.

This mode activates Google Play Protect for malware defense, blocks installations and updates from unknown sources, and enables Memory Tagging Extension (MTE) on compatible hardware for vulnerability protection. It also automatically locks the device upon detecting suspicious activity indicative of theft or after prolonged offline periods. Furthermore, it reboots phones locked for 72 hours to hinder data extraction, blocks USB connections when locked, and scans for harmful messages. Other features include flagging links from unknown users, blocking 2G networks, identifying spam callers, screening incoming calls (region-dependent), and enforcing HTTPS encryption in Chrome while reducing JavaScript attack surfaces. Users can also enable Intrusion Logging to assist spyware attack investigations. Activate via Settings > Security and Privacy > Other Settings > Advanced Protection > Device Protection.

WhatsApp’s Strict Account Settings

WhatsApp, with over 3 billion users, is a frequent target for sophisticated hacking tools, with exploits costing millions. The app has detected multiple government-backed hacking campaigns, including one targeting 1,200 users in 2019 and another ensnaring 90 users in Europe last year. In response, WhatsApp launched Strict Account Settings earlier this year.

This opt-in feature, available on Android and iOS, enables two-step verification and security notifications. It blocks attachments and media from unknown senders by default, turns off link previews, and silences calls from unknown numbers. It also hides your IP address in calls and restricts profile information visibility (last seen, profile photo, About) to contacts or pre-established groups. Furthermore, only contacts or group members can add you to a group chat. To enable, go to Settings > Privacy > Advanced and toggle the feature on.

FAQ

Q: Who should consider enabling these advanced security features?

A: While these features are especially crucial for high-risk individuals like journalists, human rights defenders, and political dissidents, they are highly recommended for anyone seeking to bolster their digital privacy and protect their data from falling into the wrong hands.

Q: Are these advanced protection modes and settings foolproof against all spyware attacks?

A: No security measure offers a 100% guarantee against every possible threat, as attackers constantly evolve. However, these features represent the strongest available defenses against sophisticated spyware and have been proven effective in preventing successful compromises.

Q: Will activating these features significantly disrupt my device's normal operation?

A: These features do introduce some restrictions or changes in functionality to enhance security. While some users might notice minor quirks initially, they are generally not overly onerous, and many features can be selectively adjusted or temporarily disabled if absolutely necessary without turning off the entire protection system.