Spyware Protection Features: How Apple, Google and WhatsApp Harden Devices Against Targeted Attacks
Spyware protection features from Apple, Google and WhatsApp offer opt‑in defenses for journalists and activists; here’s how to enable and when to use them.
Government-grade spyware targeting journalists, human rights defenders and dissidents has become routine, prompting major tech companies to roll out opt‑in spyware protection features that limit device functionality in exchange for stronger security. These features aim to reduce attackers’ ability to exploit phones and accounts, and they are increasingly recommended by security researchers and organizations that track digital threats. The moves come after multiple campaigns in recent years used sophisticated zero‑click and remote exploits to compromise iOS and Android devices. For anyone who could be a high‑risk target, enabling these protections can materially reduce the chances of a successful intrusion.
Surge in targeted attacks against journalists and civil society
Security labs and platform notifications have documented numerous campaigns in which operators deployed advanced spyware against reporters, activists and NGO staff. Some incidents involved zero‑click exploits that required no user interaction, giving attackers deep access to messages, calls, photos and real‑time location. Observers say this pattern is no longer exceptional; high‑profile compromises and legal disclosures over the past two years have underlined how attractive mobile devices are to state and mercenary actors. That context is why tech companies have prioritized defensive modes that change how devices and services behave when enabled.
Apple Lockdown Mode and what it blocks
Apple’s defensive option constrains many common phone features to shrink the avenues attackers can use to reach a device. When the feature is activated, it limits data exchange in messaging, tightens web‑rendering behavior, restricts incoming FaceTime and service invitations, and prevents certain accessories from connecting unless the device is unlocked. Apple and independent researchers say the mode has stopped some known spyware attempts, and the company advises at‑risk users to consider the trade‑off between convenience and protection. Enabling the feature requires a device restart; the mode can be managed from the system privacy settings, with selective exceptions available for trusted apps or sites.
Google account protections and the Advanced Protection Program
Beyond device hardening, Google’s Advanced Protection Program focuses on securing accounts that can be a gateway to services and data. The program enforces stricter app access controls, elevates phishing defenses for email, and requires additional verification factors such as physical security keys or passkeys. For users with valuable accounts, these requirements make unauthorized access far more difficult, and Google tightens sign‑in checks and third‑party permissions as part of enrollment. Activists and journalists who depend on Google services are frequently advised to adopt this account‑level layer in combination with device protections.
Android Advanced Protection Mode and device resilience
Android’s Advanced Protection Mode brings a suite of device‑level mitigations modeled in part on features introduced by other platforms. It blocks installations from unknown sources, enforces enhanced malware scanning and can activate hardware protections where supported, such as memory tagging. The mode also implements defensive behaviors if suspicious motion or prolonged offline periods are detected, including automatic locking and reboot policies designed to frustrate forensic access attempts. Optional intrusion logging can help forensic teams investigate suspected compromises while preserving the device’s integrity.
WhatsApp Strict Account Settings for messaging safety
Messaging platforms have also added options to limit common abuse vectors, and WhatsApp’s Strict Account Settings is an opt‑in setting aimed at protecting accounts from takeover and abusive content. The setting strengthens two‑step verification, blocks media and attachments from unknown senders, hides profile metadata from non‑contacts, and disables link previews that could carry exploits. It also silences calls from unknown numbers and masks IP information during calls, reducing the risk that an attacker can use the app as an entry point to the device. For people whose work relies on secure messaging, the trade‑offs are modest compared with the potential consequences of a compromise.
When to enable protections and practical steps
Deciding to activate these protections depends on threat level, workflow and the need for certain features that may be restricted while protections are active. Security specialists recommend that people who face targeted surveillance—journalists covering sensitive beats, human rights defenders, campaign staff, and prominent critics—enable one or more protections as a baseline. For most users, testing an opt‑in mode temporarily can reveal whether the functional limits are acceptable; all major vendors allow features to be turned off if they interfere with daily use. Administrators and security officers should document the steps for enabling protections and ensure that recovery options, such as backup passkeys and secondary contacts, are in place before a crisis arises.
Shortcomings remain: no single feature guarantees immunity, and attackers continually evolve their toolsets. Nonetheless, combining account hardening with device‑level modes and cautious app hygiene measurably raises the bar for adversaries. Security researchers emphasize that these options are low‑cost mitigations—both in monetary terms and in the time required to try them—and they have proven effective against several real‑world campaigns.
As targeted spyware becomes more accessible and more potent, adopting spyware protection features should be part of routine operational security for those at heightened risk. Regularly review device and account settings, keep software up to date, and consider consulting a trusted security advisor if you believe you are a likely target.