WhatsApp, Apple, Google: turning on spyware shields

Spyware targeting journalists and dissidents has moved from rare to routine. In response, Apple’s Lockdown Mode, Google’s Advanced Protection Program and Android’s Advanced Protection Mode, and WhatsApp’s Strict Account Settings offer opt-in defenses—tradeoffs
For people who report, advocate, or simply don’t fit neatly into a government’s preferred narrative, the warning signs have stopped feeling hypothetical.
In early 2025, WhatsApp notified roughly 90 users—many of them journalists and civil society members across Europe—that they had been targeted by Israeli spyware company Paragon Solutions. Months later, Apple sent threat notifications to a new group of iOS users. Forensic analysis confirmed two of them—both journalists—had been hit with Paragon’s Graphite spyware using a zero-click attack, meaning they didn’t even have to tap a link to be compromised.
These incidents land in a world where security researchers have documented government hackers targeting journalists, human rights defenders, critics, and political opponents for the last 15 years. The tools are expensive, sophisticated, and designed to stay hidden. They hack into computers, but especially smartphones, where virtually all of a person’s daily life is stored.
Spyware can give operators virtually full access to the target’s device and data. Government spies can record phone calls, steal chat messages, access photos, and switch on the device’s camera and microphone to record ambient sound and nearby conversations. Spyware can also typically track a person’s real-time location.
The response from tech companies is not subtle anymore. Apple, Google, and Meta have rolled out opt-in features aimed specifically at countering targeted spyware attacks. In practice, these defenses often work by turning off or limiting some regular functions. It’s inconvenient by design.
Runa Sandvik—who has worked to protect journalists and other at-risk communities for more than a decade—described the tradeoff bluntly: “These features are free, easy to enable, and the best defense we have today against sophisticated spyware.” She added, “If the features get in the way of something you need to do, you can easily turn them off again—meaning it costs very little to turn them on and try them out.”
Apple’s Lockdown Mode
Apple’s Lockdown Mode is available on all Apple devices, including iPhones. Apple says that when Lockdown Mode is enabled, “your device won’t function like it typically does.” The point is simple: the more normal behavior you remove, the fewer places an attacker has to slip through.
There is evidence that Lockdown Mode has helped. Citizen Lab found that Lockdown Mode stopped one spyware attack carried out with NSO Group’s Pegasus software. As recently as March, Apple said it has never detected a successful attack on an Apple device with Lockdown Mode enabled.
When Lockdown Mode is turned on, these changes apply:
– Attachments received on iMessage other than some images, video, and audio are blocked by default.
– Links and previews in iMessage are blocked and appear as non-linked web addresses (you can copy and paste the links into Safari or another browser if you want).
– Fonts, some images, and some web technologies are blocked when browsing in Safari.
– Incoming FaceTime calls are blocked if you haven’t contacted that person before or in the last 30 days.
– Screen sharing, content sharing over SharePlay, and Live Photos are unavailable.
– Incoming invitations for Apple services are blocked unless you have previously invited that person.
– The Focus feature “and any related status will not work as expected.”
– Game Center is disabled.
– Location information is stripped when you share photos.
– “Shared albums are removed from the Photos app, and new Shared Album invitations are blocked.”
– You need to unlock your device to connect it to an accessory or a computer. When connecting a Mac with Apple-made processors to an accessory, the computer needs to be unlocked and you have to approve the connection with your passcode.
– You can’t connect automatically to open or public Wi-Fi networks, and you will be disconnected from any non-secure Wi-Fi networks that you previously connected to before enabling Lockdown Mode.
– Your phone won’t be able to connect to 2G or 3G cellular networks.
– You can’t install configuration profiles or enroll the device in a Mobile Device Management program.
To switch on Lockdown Mode, go to Settings, then Privacy & Security, and scroll down to Lockdown Mode. Once you enable the feature, your Apple device will restart.
Google’s Advanced Protection Program
Google’s Advanced Protection Program launched in 2017 and is built to make a Google account more resilient against malicious hackers of all kinds.
Advanced Protection Program includes:
– Restricts some third-party services and apps from accessing your Google account, and only with your permission.
– Enables “Deep Gmail Scans,” which scan your incoming emails for phishing attacks and malicious content.
– Enables Google Safe Browsing in Chrome, which warns users navigating to dangerous sites or downloading dangerous files.
– On Android, you can only install apps and games from legitimate app stores.
– If someone tries to log into your account, Google takes extra steps to verify it’s really you.
To turn on Advanced Protection, go to its official page and click “Get Started.” This prompts you to log into your Google account and follow the instructions there.
First, you need to add a physical security key (or a software passkey) as an additional verification factor apart from your passwords. You also need to add a recovery phone and a recovery email to your account, or use a backup passkey or security key.
Android’s Advanced Protection Mode
Android’s Advanced Protection Mode was introduced last year and is likely inspired by Apple’s Lockdown Mode. It brings similar defenses to Google’s mobile operating system.
The security features include:
– Enables Google Play Protect, which guards against malware and unwanted apps, and checks all apps for “harmful behavior.”
– Apps from unknown sources cannot be installed, and updates from previously installed apps from unknown sources will be blocked from running.
– Enables Memory Tagging Extension (MTE) on supported devices. MTE is a hardware-enforced feature that protects against certain types of vulnerabilities.
– The device locks automatically if it detects suspicious activity “indicative of theft,” such as sudden and fast movement, based on data from the device’s motion sensors, Wi‑Fi, and Bluetooth.
– The device locks automatically if it goes offline for a prolonged period.
– The device automatically reboots if the phone has been locked for 72 hours, making it harder to extract data using law enforcement tools designed to unlock phones, such as devices made by Cellebrite.
– When the device is locked, USB connections are blocked.
– Google scans for “unwanted and potentially harmful messages.”
– Links sent via the Messages app from unknown users will be flagged.
– Connection to 2G networks is blocked.
– Google will identify spam callers.
– You will be able to screen incoming calls and decline spam calls automatically (available only in certain regions).
– Enables Android Safe Browsing, which protects against malicious websites.
– Chrome will automatically enforce HTTPS encryption for all sites.
– Some JavaScript functions are turned off, reducing the browser’s attack surface for potential weaknesses.
– You can also enable Intrusion Logging, an optional feature that helps researchers investigate spyware attacks.
To enable Advanced Protection Mode on an Android device, go to Settings, then Security and Privacy, and under Other Settings, tap Advanced Protection, then tap Device Protection.
WhatsApp’s Strict Account Settings
WhatsApp is used by more than 3 billion people, including those in the crosshairs of resourceful government agencies.
The market for hacking tools that target WhatsApp is so active that exploits can cost millions of dollars—and they work. In 2019, WhatsApp caught a hacking campaign by NSO Group that targeted around 1,200 users. Early last year, WhatsApp caught another spy operation that ensnared around 90 users in Europe.
In response, earlier this year, WhatsApp launched Strict Account Settings, an opt-in feature that switches on some privacy and security controls depending on the operating system.
On Android and iOS, Strict Account Settings turns on the following features:
– Two-step verification.
– Security notifications, which alert users when a contact has changed their phone or reinstalled WhatsApp, or if an attacker takes control of their account.
– Blocks attachments and media (pictures and videos) from unknown senders by default.
– Link previews are turned off.
– Calls from unknown numbers are silenced.
– Your IP address is hidden in calls.
– Your profile information and activity, such as when you were last seen online, your profile photo, and About information, are hidden from people who are not your contacts or members of a pre-established group.
– Only contacts or members of a pre-established group can add you to a group chat.
To switch the feature on, use your primary device and go to Settings, then Privacy, then scroll down to Advanced and turn it on.
No security measure is perfect. Spyware makers keep finding new ways to hack into phones and services, and software makers respond after studying those attacks. The cycle is relentless.
But that doesn’t make these opt-in protections feel optional. After incidents like WhatsApp’s early-2025 notifications and Apple’s confirmation of Graphite spyware via zero-click attacks, the choices are stark: accept the risk that normal phone and app behavior can be exploited—or enable the defenses designed to shrink the attacker’s path into your device.