These special phone and app features can help protect you from spyware

Spyware attacks connected journalists, quality rights defenders, and governmental dissidents are nary longer uncommon oregon exotic. In aboriginal 2025, WhatsApp notified roughly 90 users — galore of them journalists and civilian nine members crossed Europe — that they had been targeted by Israeli spyware institution Paragon Solutions. Months later, Apple sent menace notifications to a caller radical of iOS users; forensic investigation confirmed 2 of them, some journalists, had been deed with Paragon’s Graphite spyware utilizing a zero-click attack, meaning they didn’t adjacent person to pat a nexus to beryllium compromised. These aren’t isolated incidents. They’re the norm.

For the past 15 years, information researchers person documented countless cases wherever authorities hackers person targeted and successfully compromised journalists, quality rights defenders, critics, and governmental opponents. 

These attacks trust connected expensive, sophisticated, and stealthy tools that let their operators to hack into and instal spyware connected computers, but particularly smartphones, which clasp virtually each of the information astir a person’s regular life. 

Spyware gives its operators virtually afloat entree to the target’s instrumentality and data. Government spies tin grounds telephone calls, bargain chat messages, entree photos, and power connected the device’s camera and microphone to grounds ambient dependable and grounds adjacent conversations. Spyware besides typically tracks a person’s real-time location.

In effect to these attacks, tech giants present supply their users with amended defenses. In particular, Apple, Google, and Meta connection opt-in features specifically designed to antagonistic targeted spyware attacks. 

Generally speaking, these features adhd other protection, sometimes by turning disconnected oregon limiting immoderate regular features. It’s a tradeoff, but having utilized these myself for a agelong time, I person ne'er recovered them to beryllium excessively onerous oregon annoying to use. 

Tech companies, information researchers who person studied spyware for years, and we astatine TechCrunch, urge that you usage these features if you fishy you whitethorn beryllium a people of authorities surveillance due to the fact that of who you are oregon what you do. Even if you’re not, these information features volition support your information amended protected from entering the incorrect hands. 

No information measurement is perfect, and it’s a changeless effort to support information flaws astatine bay. Spyware makers find caller ways to hack into phones and services, past bundle makers larn from those attacks and respond. Rinse and repeat. 

But that doesn’t mean these features are not worthy using. On the contrary; these features person been proven effective. 

“These features are free, casual to enable, and the champion defence we person contiguous against blase spyware,” said Runa Sandvik, a information researcher who has worked to support journalists and different at-risk communities for much than a decade. “If the features get successful the mode of thing you request to do, you tin easy crook them disconnected again — meaning it costs precise small to crook them connected and effort them out.”

Here’s a recap of these features, and however to power them on. 

Image Credits:TechCrunch / Screenshot /

Apple’s Lockdown Mode

Apple’s Lockdown Mode is disposable connected each Apple devices, including iPhones. Apple says that erstwhile Lockdown Mode is enabled, “your instrumentality won’t relation similar it typically does.” In speech for this inconvenience, your instrumentality volition beryllium much secure. 

There is grounds that Lockdown Mode has helped successful the past. Citizen Lab recovered that Lockdown Mode stopped 1 spyware attack carried retired with NSO Group’s Pegasus software. As precocious arsenic March, Apple said it has ne'er detected a palmy onslaught connected an Apple instrumentality with Lockdown Mode enabled.

This is what Lockdown Mode changes connected your instrumentality erstwhile you crook it on:

• Attachments received connected iMessage different than immoderate images, video, and audio are blocked by default.
• Links and previews successful iMessage are blocked and look arsenic non-linked web addresses. (You tin transcript and paste the links into Safari oregon different browser if you want.)
• Fonts, immoderate images, and immoderate web technologies are blocked erstwhile browsing successful Safari.
• Incoming FaceTime calls are blocked if you haven’t contacted that idiosyncratic earlier oregon successful the past 30 days. 
• Screen sharing, contented sharing implicit SharePlay, and Live Photos are unavailable.
• Incoming invitations for Apple services are blocked unless you person antecedently invited that person.
• The Focus diagnostic “and immoderate related presumption volition not enactment arsenic expected.”
• Game Center is disabled.
• Location accusation is stripped erstwhile you stock photos. 
• “Shared albums are removed from the Photos app, and caller Shared Album invitations are blocked.”
• You request to unlock your instrumentality to link it to an accessory oregon a computer. When connecting a Mac with Apple-made processors to an accessory, the machine needs to beryllium unlocked and you person to o.k. the transportation with your passcode.
• You can’t link automatically to unfastened oregon nationalist Wi-Fi networks, and you volition beryllium disconnected from immoderate non-secure Wi-Fi networks that you antecedently connected to earlier enabling Lockdown Mode. 
• Your telephone won’t beryllium capable to link to 2G oregon 3G cellular networks.
• You can’t instal configuration profiles oregon enroll the instrumentality successful a Mobile Device Management program.

To power connected Lockdown Mode, spell to Settings, past Privacy & Security, and scroll down to Lockdown Mode. Once you alteration the feature, your Apple instrumentality volition restart. 

I person utilized Lockdown Mode for years. While I noticed immoderate websites being a spot wonky astatine the beginning, I haven’t noticed that successful a while. Also, you tin selectively power disconnected Lockdown Mode for circumstantial websites and apps, without disabling the diagnostic entirely. There are immoderate quirks, but I person gotten utilized to them, too.

Image Credits:TechCrunch /

Google’s Advanced Protection Program

Google launched its Advanced Protection Program successful 2017. This diagnostic is designed to marque your Google relationship much resilient against malicious hackers of each kinds. 

Advanced Protection Program includes the pursuing features:

• Restricts immoderate third-party services and apps from accessing your Google account, and lone with your permission.
• Enables “Deep Gmail Scans,” which scan your incoming emails for phishing attacks and malicious content.
• Enables Google Safe Browsing successful Chrome, which warns users navigating to unsafe sites oregon downloading unsafe files. 
• On Android, you tin lone instal apps and games from morganatic app stores.
• If idiosyncratic tries to log into your account, Google takes other steps to verify it’s truly you.

To crook connected Advanced Protection, spell to its authoritative page and click “Get Started.” This volition punctual you to log into your Google account. Follow the instructions there. 

First, you volition request to adhd a carnal information cardinal (or a bundle passkey) arsenic an further verification origin isolated from your passwords. You volition besides request to adhd a betterment telephone and a betterment email to your account, oregon usage a backup passkey oregon information key. 

Image Credits:EFF /

Android’s Advanced Protection Mode

Introduced last year and apt inspired by Apple’s Lockdown Mode, Android’s Advanced Protection Mode brings akin defenses to Google’s mobile operating system.

Android’s Advanced Protection Mode provides the pursuing information features:

• Enables Google Play Protect, which guards against malware and unwanted apps, and checks each apps for “harmful behavior.”
• Apps from chartless sources cannot beryllium installed, and updates from antecedently installed apps from chartless sources volition beryllium blocked from running.
• Enables Memory Tagging Extension (MTE) connected supported devices. MTE is simply a hardware-enforced diagnostic that protects against definite types of vulnerabilities. 
• The instrumentality locks automatically if it detects suspicious enactment “indicative of theft,” specified arsenic abrupt and accelerated movement. This is based connected information from the device’s question sensors, Wi-Fi, and Bluetooth. 
• The instrumentality locks automatically if it goes offline for a prolonged period. 
• The instrumentality automatically reboots if the telephone has been locked for 72 hours, making it harder to extract information utilizing instrumentality enforcement tools designed to unlock phones, specified arsenic devices made by Cellebrite.
• When the instrumentality is locked, USB connections are blocked.
• Google scans for “unwanted and perchance harmful messages.”
• Links sent via the Messages app from chartless users volition beryllium flagged. 
• Connection to 2G networks is blocked.
• Google volition place spam callers. 
• You volition beryllium capable to surface incoming calls and diminution spam calls automatically. (Available lone successful certain regions.)
• Enables Android Safe Browsing, which protects against malicious websites.
• Chrome volition automatically enforce HTTPS encryption for each sites.
• Some JavaScript functions are turned off, reducing the browser’s onslaught aboveground for imaginable weaknesses.
• You tin besides alteration Intrusion Logging, an optional diagnostic that helps researchers analyse spyware attacks. 

To alteration Advanced Protection Mode connected your Android device, spell to Settings, past Security and Privacy, and nether Other Settings, pat Advanced Protection, past pat Device Protection. 

Image Credits:TechCrunch / Screenshot /

WhatsApp’s Strict Account Settings

WhatsApp is utilized by much than 3 cardinal people, including those successful the crosshairs of resourceful authorities agencies. 

The request for hacking tools that people WhatsApp is truthful precocious request that exploits tin outgo millions of dollars — and they work. In 2019, WhatsApp caught a hacking campaign by NSO Group that targeted astir 1,200 users. Early past year, WhatsApp caught different spy operation that ensnared astir 90 users successful Europe. 

In response, earlier this year, WhatsApp launched Strict Account Settings, an opt-in diagnostic that switches connected immoderate privateness and information controls depending connected the operating system.

On Android and iOS, Strict Account Settings turns connected the pursuing features:

• Two-step verification.
• Security notifications, which alert users erstwhile a interaction has changed their telephone oregon reinstalled WhatsApp, oregon if an attacker takes power of their account. 
• Blocks attachments and media (pictures and videos) from chartless senders by default.
• Link previews are turned off.
• Calls from chartless numbers are silenced.
• Your IP code is hidden successful calls.
• Your illustration accusation and activity, specified arsenic erstwhile you were past seen online, your illustration photo, and About information, are hidden from radical who are not your contacts oregon members of a pre-established group. 
• Only contacts oregon members of a pre-established radical tin adhd you to a radical chat.

To power the diagnostic on, usage your superior instrumentality and spell to Settings, past Privacy, past scroll down to Advanced and crook it on.