Built-In Phone and App Security Features That Can Help Prevent Spyware Attacks

Spyware attacks targeting journalists, human rights defenders, political dissidents, and civil society groups are no longer isolated incidents. In recent years, highly sophisticated surveillance campaigns have become increasingly common, often relying on advanced spyware that can silently infiltrate smartphones and grant extensive access to personal data.

Earlier this year, around 90 WhatsApp users, many of them journalists and members of civil society organizations across Europe, were notified that they had been targeted by spyware linked to Paragon Solutions. Months later, Apple issued threat notifications to another group of iPhone users. Subsequent forensic investigations confirmed that at least two journalists had been infected by Paragon’s Graphite spyware through a so-called “zero-click” attack, meaning the victims did not need to click a link or interact with any content for their devices to be compromised.

These incidents reflect a broader trend. Over the past 15 years, cybersecurity researchers have documented numerous cases in which government-backed hackers deployed spyware against journalists, activists, opposition figures, and critics around the world.

Modern spyware gives operators extraordinary control over a target’s device. Once installed, it can:

• Record phone calls.
• Access private messages and chat conversations.
• Steal usernames, passwords, and credentials.
• View photos and stored files.
• Activate microphones and cameras remotely.
• Monitor conversations taking place near the device.
• Track a person’s location in real time.

Because smartphones contain a detailed record of a person’s daily life, they have become one of the most valuable targets for surveillance operations.

To help counter these threats, major technology companies have introduced dedicated security protections to defend against sophisticated attacks. Companies including Apple, Google, and Meta now offer optional security features designed to make devices and accounts significantly harder to compromise.

These protections often involve limiting certain functions or adding additional verification requirements. While some convenience features may be reduced, many security experts argue that the trade-off is worthwhile, especially for individuals at elevated risk.

Cybersecurity researcher Runa Sandvik, who has spent years helping journalists and vulnerable communities improve their digital security, says these protections remain among the strongest defences available today against sophisticated spyware campaigns.

According to Sandvik, the features are free, relatively easy to enable, and can be disabled again if they interfere with important workflows. For many users, trying them involves little downside while providing meaningful additional protection.

Apple’s Lockdown Mode

Apple’s Lockdown Mode is available across iPhones, iPads, and Macs. The company describes it as an extreme security option designed for individuals who may face highly targeted digital attacks.

When enabled, Lockdown Mode changes how several features operate:

• Most iMessage attachments are blocked by default, except for certain image, video, and audio formats.
• Link previews in iMessage are disabled.
• Web links appear as plain text rather than clickable URLs.
• Certain fonts, images, and advanced web technologies are restricted in Safari.
• Incoming FaceTime calls from unknown contacts may be blocked.
• Screen sharing and SharePlay features become unavailable.
• Live Photos functionality is disabled.
• Invitations to Apple services are blocked unless a previous contact exists.
• Shared Albums are removed from the Photos app.
• New Shared Album invitations are automatically blocked.
• Location information is removed from shared photos.
• Devices must be unlocked before connecting to accessories or computers.
• Automatic connections to public or unsecured Wi-Fi networks are disabled.
• Existing non-secure Wi-Fi connections are terminated.
• Connections to 2G and 3G cellular networks are blocked.
• Configuration profiles cannot be installed.
• Enrollment in Mobile Device Management systems is restricted.

Security researchers at Citizen Lab have documented instances in which Lockdown Mode successfully blocked attacks involving Pegasus spyware developed by NSO Group. Apple has also stated that it has not observed successful compromises of devices running Lockdown Mode since its introduction.

Users can activate Lockdown Mode by opening Settings, selecting Privacy & Security, scrolling to Lockdown Mode, and enabling the feature. The device will restart after activation.

Google’s Advanced Protection Program

Google introduced its Advanced Protection Program in 2017 to help secure accounts of users who may face elevated risks of targeted attacks.

The program adds several layers of protection:

• Restricts access by third-party apps and services unless explicitly approved.
• Enables enhanced Gmail scanning for phishing attempts and malicious content.
• Activates Google Safe Browsing protections in Chrome.
• Warns users about dangerous websites and suspicious downloads.
• Requires stronger identity verification during account logins.
• Uses security keys or passkeys as an additional layer of authentication.
• Supports recovery phone numbers and backup verification methods.

The goal is to reduce the likelihood of phishing attacks, credential theft, and unauthorized account access.

Users can enrol through Google’s Advanced Protection portal and follow the setup process to configure security keys, passkeys, and recovery options.

Android’s Advanced Protection Mode

Google recently expanded its security offerings by introducing Advanced Protection Mode for Android devices, a feature that bears some resemblance to Apple’s Lockdown Mode.

Once enabled, Android’s Advanced Protection Mode activates several defences

• Enables Google Play Protect malware scanning.
• Continuously checks apps for harmful behaviour.
• Blocks the installation of applications from unknown sources.
• Prevents updates from previously installed unauthorized applications.
• Enables Memory Tagging Extension (MTE) on supported hardware.
• Automatically locks devices when suspicious activity is detected.
• Uses motion sensors, Wi-Fi, and Bluetooth data to identify possible theft.
• Locks devices that remain offline for extended periods.
• Automatically reboots devices after 72 hours of inactivity.
• Restricts USB connections while devices remain locked.
• Scans messages for harmful or suspicious content.
• Flags potentially dangerous links from unknown senders.
• Blocks connections to 2G networks.
• Identifies potential spam callers.
• Supports automatic screening and rejection of spam calls in supported regions.
• Activates Android Safe Browsing protections.
• Forces HTTPS encryption whenever possible.
• Disables specific JavaScript functions to reduce the browser attack surface.
• Offers optional Intrusion Logging for advanced investigations.

Users can enable the feature through Settings > Security & Privacy > Advanced Protection > Device Protection.

WhatsApp’s Strict Account Settings

Messaging applications remain one of the most attractive targets for spyware developers. Over the years, WhatsApp has repeatedly disrupted sophisticated surveillance campaigns targeting journalists, activists, and civil society organizations.

In response, the platform introduced Strict Account Settings, an optional security feature that combines several privacy protections into a single setting.

When activated, the feature automatically enables:

• Two-step verification.
• Security notifications about account changes.
• Alerts when contacts reinstall WhatsApp or change devices.
• Blocking of media files from unknown senders.
• Disabling link previews.
• Silencing of calls from unknown phone numbers.
• IP address protection during calls.
• Restrictions on who can view profile information.
• Protection for profile photos and About information.
• Restrictions on visibility of last-seen activity.
• Controls limiting who can add users to group chats.
• Group additions only from contacts or members of existing groups.

The feature can be enabled by opening WhatsApp Settings, selecting Privacy, scrolling to Advanced, and activating Strict Account Privacy.

Stronger Defences Against Modern Surveillance

No security feature can guarantee complete protection. Spyware developers constantly search for new vulnerabilities, while software companies continuously work to identify and patch weaknesses. The battle between attackers and defenders remains ongoing.

However, cybersecurity experts widely agree that enabling these protections significantly improves security and can make sophisticated attacks considerably more difficult to execute. For journalists, activists, public officials, and anyone concerned about Privacy, these built-in tools provide an important additional defence against privacy breaches.

As spyware technology becomes increasingly advanced, features such as Apple’s Lockdown Mode, Google’s Advanced Protection services, Android’s security enhancements, and WhatsApp’s stricter privacy controls are becoming essential tools for protecting personal information and reducing exposure to modern surveillance threats.