These phone and app special features help protect you from spyware

Spyware attacks against journalists, human rights activists, and political dissidents are no longer rare or uncommon. In early 2025, WhatsApp notified around 90 users, many of them journalists and civil society members across Europe, that they had been targeted by Israeli spyware company Paragon Solutions. A few months later, Apple sent a threat notification to a new group of iOS users. Forensic analysis confirmed that two of the individuals, both journalists, were attacked by Paragon’s Graphite spyware using a zero-click attack. That means you didn’t even have to tap on the link to get infected. These are not isolated incidents. That’s the standard.

Over the past 15 years, security researchers have documented countless instances in which government hackers successfully targeted and compromised journalists, human rights activists, commentators, and political opponents.

These attacks rely on expensive and sophisticated stealth tools that allow operators to hack into and install spyware on computers, especially smartphones, which hold virtually all data about an individual’s daily life.

Spyware gives the operator virtually complete access to the target’s device and data. Government spies can record phone calls, steal chat messages, access photos, turn on your device’s camera and microphone to record ambient sounds, and record nearby conversations. Spyware typically also tracks a person’s real-time location.

To combat these attacks, tech giants are now offering users better defenses. In particular, Apple, Google, and Meta offer opt-in features specifically designed to combat targeted spyware attacks.

Generally, these features provide additional protection, sometimes by turning off or limiting some normal functionality. It’s a trade-off, but I’ve used these for a long time myself and have never found them difficult or cumbersome to use.

Technology companies, security researchers who have studied spyware for years, and ourselves at TechCrunch recommend using these features if you suspect you may be the subject of government surveillance because of who you are or what you do. Even if you don’t, these security features will keep your data from falling into the wrong hands.

No security measure is perfect and continuous efforts are required to prevent security flaws. Spyware makers find new ways to hack phones and services, and software makers learn from and respond to those attacks. Rinse and repeat.

But that doesn’t mean these features aren’t worth using. On the contrary; these features have been proven to be effective.

“These features are free, easy to enable, and are today’s best defense against advanced spyware,” said Luna Sandvik, a security researcher who has spent more than a decade protecting journalists and other at-risk communities. “If something gets in the way of a feature you want, you can easily turn it off again, meaning it costs almost nothing to turn it on and try it out.”

Here’s an overview of these features and how to turn them on.

Apple’s lockdown mode

Apple’s Lockdown Mode is available on all Apple devices, including iPhones. Apple says that when lockdown mode is enabled, “your device will no longer function normally.” In exchange for this inconvenience, your device will be more secure.

There is evidence that lockdown mode has been helpful in the past. Citizen Lab found that one spyware attack carried out using NSO Group’s Pegasus software was thwarted by lockdown mode. Apple said as of March that it had not detected a single successful attack against an Apple device with Lockdown Mode enabled.

When you turn on lockdown mode on your device, the following changes occur:

Attachments received in iMessage (with the exception of some images, videos, and audio) are blocked by default. iMessage links and previews are blocked and appear as unlinked web addresses. (You can copy and paste the link into Safari or another browser if you like.) When you browse in Safari, fonts, some images, and some web technologies are blocked. If you haven’t contacted the person before or in the past 30 days, they’ll block you from receiving FaceTime calls. Screen sharing, content sharing with SharePlay, and Live Photos are not available. Unless you previously invited the person, they will be blocked from receiving invitations to Apple services. Focus functionality and related status do not work as expected. Game Center is disabled. When you share a photo, your location information will be removed. “The shared album will be removed from the Photos app and invitations to new shared albums will be blocked.” You must unlock your device to connect it to an accessory or computer. When you connect a Mac with an Apple processor to an accessory, you must unlock your computer and use a passcode to authorize the connection. You cannot automatically connect to open or public Wi-Fi networks. You will also be disconnected from any unsecured Wi-Fi networks you were previously connected to before enabling Lockdown Mode. Your phone will no longer be able to connect to 2G or 3G cellular networks. You cannot install configuration profiles or enroll devices in mobile device management programs.

To turn on lockdown mode,[設定],[プライバシーとセキュリティ]Go to[ロックダウン モード]Scroll down to Enabling this feature will restart your Apple device.

I’ve been using lockdown mode for years. I noticed that some of the websites were a little unstable at first, but that stopped bothering me for a while. You can also selectively turn off lockdown mode for specific websites or apps without completely disabling the feature. There are some quirks, but I’ve gotten used to them.

Google’s advanced protection program

Google launched its Advanced Protection program in 2017. This feature is designed to make your Google Account more resilient to all types of malicious hackers.

The Advanced Protection Program includes the following features:

Restrict some third-party services and apps from accessing your Google Account only with your permission. Enable Deep Gmail Scan, which scans incoming emails for phishing attacks and malicious content. Enable Google Safe Browsing in Chrome to warn users about visiting dangerous sites or downloading dangerous files. Android allows you to install apps and games only from official app stores. When someone tries to log into your account, Google takes extra steps to verify that it’s really you.

To enable advanced protection features, visit the official page and click Get Started. You’ll be prompted to sign in to your Google Account. Please follow the instructions there.

First, you need to add a physical security key (or software passkey) as an additional verification factor apart from your password. You must also add a recovery phone number and recovery email to your account, or use a backup passkey or security key.

Android Advanced Protected Mode

Android’s Advanced Protected Mode, introduced last year and perhaps inspired by Apple’s Lockdown Mode, brings similar protection to Google’s mobile operating system.

Android Advanced Protected Mode provides the following security features:

Enable Google Play Protect, which protects you from malware and unwanted apps and checks all apps for “harmful behavior.” Apps from unknown sources cannot be installed. Additionally, updates to previously installed apps from unknown sources will be blocked from running. Enables Memory Tagging Extensions (MTE) on supported devices. MTE is a hardware enforcement feature that protects against certain types of vulnerabilities. Your device will automatically lock if it detects suspicious activity that is “indicative of theft,” such as sudden rapid movement. This is based on data from your device’s motion sensors, Wi-Fi, and Bluetooth. If your device is offline for an extended period of time, it will automatically lock. If a phone is locked for 72 hours, the device automatically restarts, making it difficult to extract data using law enforcement tools designed to unlock phones, such as devices made by Cellebrite. When a device is locked, USB connections are blocked. Google scans for “unwanted and potentially harmful messages.” Links sent via the Messages app by unknown users will be flagged. Connection to 2G network is blocked. Google identifies spammers. You will be able to screen incoming calls and automatically reject spam calls. (Available in certain regions only.) Enable Android Safe Browsing to protect you from malicious websites. Chrome automatically applies HTTPS encryption to all sites. Some JavaScript features are turned off, reducing the browser’s attack surface for potential weaknesses. You can also enable intrusion logging, an optional feature that helps researchers investigate spyware attacks.

To enable Advanced Protected Mode on your Android device,[設定],[セキュリティとプライバシー]Go to[その他の設定]in[高度な保護]Tap[デバイスの保護]Tap.

Strict account settings for WhatsApp

WhatsApp is used by more than 3 billion people, including some resourceful government targets.

Hacking tools targeting WhatsApp are in such high demand that exploits can cost millions of dollars. And they work. In 2019, WhatsApp caught a hacking campaign by NSO Group that targeted around 1,200 users. Early last year, WhatsApp caught another spying operation that ensnared around 90 users in Europe.

In response, WhatsApp earlier this year launched Strict Account Settings, an opt-in feature that turns on some privacy and security controls depending on the operating system.

On Android and iOS, strict account settings enable the following features:

Two-factor authentication. Security notification. Alert users if a contact changes their phone, reinstalls WhatsApp, or if an attacker takes control of their account. Block attachments and media (photos and videos) from unknown senders by default. Link previews are turned off. Calls from unknown numbers will be silenced. Your IP address is hidden from calls. Your profile information and activity, including when you were last viewed online, your profile picture, and information about yourself, will be hidden from anyone who is not your contact or a member of a predefined group. Only contacts or members of pre-established groups can add you to group chats.

To turn on this feature, use your primary device to[設定],[プライバシー]Go to[詳細]Scroll down and turn it on.