Meta's WhatsApp launches consolidated privacy controls with mandatory two-step verification and message encryption safeguards, while transitioning critical media handling components to Rust.
WhatsApp has implemented comprehensive privacy controls through its new Strict Account Settings feature, creating a unified compliance framework for high-risk users. The security package combines seven existing privacy options into a single toggle while introducing mandatory two-step verification for all enabled accounts.
Key Compliance Requirements
When activated (Settings > Privacy > Advanced), Strict Account Settings enforces:
- Visibility Restrictions: Limits display of last seen status, online presence, and profile details to contacts only
- Group Participation Controls: Restricts group additions to authorized contacts
- Content Security: Disables link previews to prevent tracking
- Message Filtering: Blocks high-volume messages from unknown accounts
- Verification Enforcement: Mandates two-step verification
- Encryption Monitoring: Activates security code change notifications
- Media Validation: Uses new Rust-based library for malicious file detection
Implementation Timeline
The feature rolls out globally over the next four weeks (effective February 24, 2026). Organizations handling sensitive communications should:
- Audit current WhatsApp configurations against WhatsApp's Business Policy
- Train high-risk personnel on activation procedures
- Update acceptable use policies to reflect new defaults
Technical Compliance Enhancements
Concurrently, WhatsApp replaced its legacy C++ media processing library with a Rust-based alternative that:
- Reduces attack surface by 62% (Meta internal metrics)
- Performs real-time format validation on all incoming files
- Implements memory-safe consistency checks
This architectural change aligns with NIST SP 800-193 guidelines for platform firmware resilience. Meta confirms accelerated Rust adoption across other messaging infrastructure through 2027.
Regulatory Context
The update precedes upcoming EU Digital Services Act (DSA) requirements for:
- Default privacy protections (Article 25)
- Risk-based content moderation (Article 34)
- Independent security audits (Article 37)
While not explicitly addressing California's SB 362 (Social Media Content Moderation Act), the controls provide mechanisms for compliance with similar disclosure limitation statutes.
Organizations subject to GDPR, HIPAA, or FINRA regulations should review WhatsApp's updated Data Processing Terms when implementing these settings for business communications.
Comments
Please log in or register to join the discussion