These special phone and app features can help protect you from spyware.

Spyware attacks against journalists, human rights defenders, and political dissidents are no longer rare or exotic. In early 2025, WhatsApp notified approximately 90 users, many of them journalists and civil society members across Europe, that they had been targeted by Israeli spyware company Paragon Solutions. A few months later, Apple sent threat notifications to a new group of iOS users. Forensic analysis confirmed that two of them, journalists, had been infected with Paragon’s Graphite spyware using a zero-click attack. That means you don’t even have to tap the link to get it corrupted. This is not an isolated incident. They are standard.

Over the past 15 years, security researchers have documented numerous instances in which government hackers have targeted and successfully compromised journalists, human rights defenders, critics, and political opponents.

These attacks use expensive, sophisticated and stealthy tools that allow operators to install spyware by hacking computers, especially smartphones, which hold virtually all data about an individual’s daily life.

Spyware gives operators virtually complete access to the target device and data. Government spies can record phone calls, steal chat messages, access photos, and turn on your device’s camera and microphone to record ambient sounds and nearby conversations. Additionally, spyware typically tracks an individual’s real-time location.

In response to these attacks, tech giants are now providing users with better defenses. Apple, Google, and Meta, among others, offer opt-in features specifically designed to counter targeted spyware attacks.

Typically, these features add extra protection by turning off or limiting some common features. It’s a compromise, but after using it myself for a long time, I’ve never found it to be too cumbersome or annoying to use.

Tech companies, security researchers and TechCrunch, which have been studying spyware for years, recommend using these features if you suspect you may be subject to government surveillance because of who you are or what you do. Even if you don’t, these security features can help you better protect your data from falling into the wrong hands.

No security measure is perfect and constant efforts are needed to prevent security flaws. Spyware creators find new ways to hack phones and services, and software creators learn from these attacks and respond. Rinse and repeat.

But that doesn’t mean these features aren’t worth using. on the other way; These features have proven to be effective.

“These features are free, easy to enable, and the best defense we have today against sophisticated spyware,” said Runa Sandvik, a security researcher who has worked to protect journalists and other at-risk communities for more than a decade. “If a feature gets in the way of what you need to do, you can easily turn it back off. That means it costs very little to turn it on and give it a try.”

Below is a summary of these features and how to turn them on.

Apple’s Lockdown Mode

Apple’s Lockdown Mode is available on all Apple devices, including iPhone. Apple says that when Lockdown Mode is enabled, “your device will not function as usual.” Instead of going through this inconvenience, your device will be more secure.

There is evidence that lockdown mode has been helpful in the past. Citizen Lab found that lockdown mode blocked one spyware attack carried out using NSO Group’s Pegasus software. As recently as March, Apple said it had not detected any successful attacks on Apple devices with Lockdown Mode enabled.

When you turn on your device, the device’s lock mode changes as follows:

• Other than some images, videos, and audio, attachments received in iMessage are blocked by default.
• Links and previews in iMessage are blocked and appear as unlinked web addresses. (If you prefer, you can copy the link and paste it into Safari or another browser.)
• Fonts, some images, and some web technologies are blocked when you browse in Safari.
• If you haven’t contacted that person before or in the last 30 days, your incoming FaceTime calls will be blocked.
• Screen sharing, content sharing via SharePlay, and Live Photos are not available.
• You’ll be blocked from receiving invitations to Apple services unless you’ve previously invited that person.
• Focus functions and related states do not work as expected.
• Game Center is disabled.
• When you share a photo, location information is removed.
• “The shared album will be removed from the Photos app and new shared album invitations will be blocked.”
• Your device must be unlocked before you can connect it to an accessory or computer. When you connect a Mac with an Apple-made processor to an accessory, you must unlock the computer and authorize the connection with a password.
• You won’t be able to automatically connect to open or public Wi-Fi networks, and any unsecured Wi-Fi networks you were previously connected to before activating lockdown mode will be disconnected.
• Your phone can’t connect to a 2G or 3G cellular network.
• You cannot install configuration profiles or enroll devices in mobile device management programs.

To turn on Lockdown Mode, go to Settings, Privacy & Security, and scroll down to Lockdown Mode. After enabling the feature, your Apple device will restart.

I’ve been using lockdown mode for years. At first I noticed that some of the websites were a bit unstable, but I didn’t notice that for a while. You can also selectively turn off lockdown mode for specific websites and apps without disabling the feature completely. There are a few quirks, but I’ve gotten used to them.

Google’s Advanced Protection Program

Google launched its Advanced Protection program in 2017. This feature is designed to make your Google Account more resilient against all kinds of malicious hackers.

Advanced Protection includes the following features:

• Restricts some third-party services and apps from accessing your Google Account only when they have your permission.
• Enable ‘Deep Gmail scanning’, which scans incoming emails for phishing attacks and malicious content.
• Enable Google Safe Browsing in Chrome to warn users when they go to dangerous sites or download dangerous files.
• Android allows you to install apps and games only from legitimate app stores.
• When someone tries to log in to your account, Google takes extra steps to verify that it’s you.

To turn on advanced protection, go to the official page and click “Get Started”. You will then be prompted to sign in to your Google Account. Follow the instructions there.

First, you need to add a physical security key (or software secret key) as an additional verification factor in addition to your password. You’ll also need to add a recovery phone number and recovery email to your account, or use a backup passkey or security key.

Advanced Protected Mode on Android

Introduced last year and inspired by Apple’s Lockdown mode, Android’s Advanced Protected Mode brings similar defenses to Google’s mobile operating system.

Android’s Advanced Protected Mode provides the following security features:

• Enable Google Play Protect, which protects against malware and unwanted apps and checks all apps for ‘harmful behavior’.
• Apps from unknown sources cannot be installed, and updates to previously installed apps from unknown sources are blocked from running.
• Enable Memory Tagged Extension (MTE) on supported devices. MTE is a hardware-enforced feature that protects against certain types of vulnerabilities.
• Your device will automatically lock if it detects any suspicious activity that is “indicative of theft,” such as sudden or fast movements. It’s based on data from your device’s motion sensors, Wi-Fi, and Bluetooth.
• Your device will automatically lock if you’re offline for an extended period of time.
• Once a phone is locked for 72 hours, the device automatically reboots, making it more difficult to extract data using law enforcement tools designed to unlock phones, such as devices made by Cellebrite.
• USB connections are blocked when the device is locked.
• Google searches for “unwanted and potentially harmful messages.”
• Links sent through the Messages app by unknown users are flagged.
• 2G network connection is blocked.
• Google identifies spammers.
• You can block incoming calls and automatically reject spam calls. (Available only in some regions.)
• Enable Android Safe Browsing to protect against malicious websites.
• Chrome automatically enforces HTTPS encryption on all sites.
• Some JavaScript features are turned off, reducing the browser’s attack surface for potential weaknesses.
• You can also enable intrusion logging, an optional feature that helps researchers investigate spyware attacks.

To enable Advanced Protected Mode on your Android device, go to Settings, Security & Privacy, tap Advanced Protection under Other Settings, then tap Protect Device.

Strict account settings in WhatsApp

WhatsApp is used by more than 3 billion people, including those targeted by powerful government agencies.

The demand for hacking tools targeting WhatsApp is so high that exploiting them can cost millions of dollars and be successful. In 2019, WhatsApp caught a hacking campaign by NSO Group that targeted about 1,200 users. Early last year, WhatsApp uncovered another spying operation that captured around 90 users in Europe.

In response, earlier this year WhatsApp rolled out Strict Account Settings, an optional feature that turns on some privacy and security controls depending on your operating system.

On Android and iOS, strict account settings enable the following features:

• Two-step verification.
• A security notification that alerts users if a contact has changed their phone, reinstalled WhatsApp, or if an attacker has taken control of their account.
• By default, it blocks attachments and media (photos and videos) from unknown senders.
• Link preview is turned off.
• Calls from unknown numbers are silenced.
• Your IP address is hidden during calls.
• Your profile information and activity, including when you were last online, your profile picture, and profile information, are hidden from people who are not your contacts or members of preset groups.
• Only contacts or members of preset groups can add you to group chats.

To turn this feature on, using your primary device, go to Settings, Privacy, then scroll down to Advanced and turn it on.