Meta-owned WhatsApp has begun rolling out a new lockdown-style security feature designed to protect users who may be targeted by highly advanced cyber campaigns, including journalists, activists, and public figures.
The feature, called Strict Account Settings, adds an additional layer of protection beyond WhatsApp’s default end-to-end encryption. With a single tap, it locks an account into the platform’s most restrictive privacy and security settings, limiting features that have previously been exploited in sophisticated spyware and surveillance attacks.
“We will always defend that right to privacy for everyone, starting with default end-to-end encryption. But we also know that a few of our users – like journalists or public-facing figures – may need extreme safeguards against rare and highly sophisticated cyber attacks,” WhatsApp wrote in a blog post published on Tuesday.
How Strict Account Settings Work
Users can enable the feature from their primary device by heading to Settings > Privacy > Advanced. Once switched on, Strict Account Settings automatically activates several protections, which are aimed at reducing exposure to potential attacks.
These include blocking media and attachments from unknown senders, disabling link previews, silencing calls from people not in the user’s contacts, and restricting who can add the user to group chats. It also tightens visibility controls and limits access to personal information such as last seen status, online presence, profile photo, About details, and profile links. Additionally, two-step verification and security notifications are also switched on by default.
WhatsApp said the feature is designed for a small group of users who face elevated risks, rather than the general public.
“This feature is built for the very few users who may be the target of such attacks. Therefore, you should only turn this on if you think you may be a target of a sophisticated cyber campaign. Most people are not targeted by such attacks,” the company said in a separate FAQ support document.
Availability
Strict Account Settings is rolling out gradually over the coming weeks and can be turned off at any time. WhatsApp emphasized that most users will not need to enable the feature, but for those at higher risk, it offers a simple way to significantly strengthen account security with just one tap.
Alongside the new feature, WhatsApp also revealed it has been expanding the use of the Rust programming language to improve memory safety and reduce the risk of spyware in its media-handling systems. The company described this as part of a wider “defense-in-depth” approach to security.
Rising Spyware Threats Push Platforms Toward Stronger Defences
The rollout comes amid growing concern over spyware attacks targeting messaging apps through so-called “zero-click” vulnerabilities, which allow attackers to infect devices without any action from the user. In recent years, journalists, activists, and political figures have been targeted using tools such as NSO Group’s Pegasus spyware.
WhatsApp has patched multiple zero-day vulnerabilities in recent years that were abused in such attacks and has accused spyware vendors of continuing attacks even after legal action was taken.
Security researchers welcomed the move, saying it reflects a broader industry trend toward optional high-security modes. WhatsApp’s move aligns it with other major tech companies offering lockdown-style protections. Apple introduced its Lockdown Mode in 2022 to protect users from mercenary spyware, while Google offers Advanced Protection on Android for users with heightened security needs.
