Meta has launched 'Strict Account Settings' on WhatsApp, offering journalists and public figures enhanced security against sophisticated spyware attacks.
WhatsApp has introduced a new "Strict Account Settings" feature designed to provide extreme privacy protections for high-risk users who may be targeted by sophisticated cyber attacks, including government-sponsored spyware campaigns.
Enhanced Security for Vulnerable Users
The new feature, which began rolling out this week, builds upon WhatsApp's existing end-to-end encryption by adding multiple layers of protection specifically for journalists, public figures, and other individuals who face elevated security risks.
"We will always defend that right to privacy for everyone, starting with default end-to-end encryption. But we also know that a few of our users – like journalists or public-facing figures – may need extreme safeguards against rare and highly-sophisticated cyber attacks," WhatsApp stated in its announcement.
How Strict Account Settings Works
Users can enable these enhanced protections by navigating to Settings > Privacy > Advanced and toggling on "Strict account settings." However, this option is only available on primary devices, not through linked devices.
Once activated, the feature implements the following extreme privacy controls:
- Automatically enables two-step verification
- Blocks media and attachments from unknown senders
- Silences calls from unknown contacts
- Disables link previews
- Locks access to last seen and online status
- Hides profile photo, About details, and profile links
- Limits other features that could expose users to attacks
WhatsApp emphasizes that this feature is intended for a very small subset of users who believe they may be targets of sophisticated cyber campaigns. "Most people are not targeted by such attacks," the company noted in its support documentation.
Background: The Growing Threat Landscape
The introduction of Strict Account Settings comes amid increasing concerns about spyware attacks targeting journalists and activists. In recent years, numerous high-profile individuals have had their devices compromised through messaging apps using zero-click exploits.
Zero-click exploits allow threat actors, often government-sponsored, to hack into iOS and Android devices without any user interaction. These attacks have been particularly concerning because they can compromise devices simply through a message being received, without the victim needing to click any links or open attachments.
Technical Improvements Behind the Scenes
Alongside the new privacy feature, WhatsApp revealed it is gradually migrating to the Rust programming language to enhance security. This transition aims to provide better protection against spyware targeting photos, videos, and messages.
Rust's memory safety features make it particularly well-suited for security-critical applications, as it helps prevent common vulnerabilities that attackers might exploit.
Industry Context and Competition
WhatsApp's move follows similar initiatives by other tech companies. Apple introduced Lockdown Mode in July 2022, offering comparable protections for high-risk individuals on iOS, iPadOS, and macOS devices.
Lockdown Mode also works by "strictly limiting certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware."
Recent Security Incidents
The need for such extreme protections has been underscored by several recent incidents:
- In August 2025, WhatsApp patched a zero-day vulnerability in its iOS and macOS clients that was being exploited in targeted zero-click attacks
- Months earlier, the company had addressed another zero-day flaw used to deploy Paragon Graphite spyware
- In November 2024, court documents revealed that NSO Group allegedly deployed multiple zero-day exploits even after being sued by WhatsApp
- In May 2025, NSO Group was fined $167 million for spyware attacks that targeted 1,400 WhatsApp users in 2019
Implementation Timeline
WhatsApp stated that the Strict Account Settings feature will roll out gradually over the coming weeks. The company has not provided specific dates for full deployment but indicated that the rollout would be phased to ensure stability and proper implementation.
This measured approach allows WhatsApp to monitor the feature's performance and address any issues before making it widely available to all eligible users.
Who Should Use This Feature?
While the enhanced protections are available to all users, WhatsApp strongly recommends enabling Strict Account Settings only for those who genuinely believe they may be targets of sophisticated cyber campaigns. For the vast majority of users, the standard security measures and end-to-end encryption provide sufficient protection.
The feature represents WhatsApp's recognition that different users have different security needs, and that some individuals require extraordinary measures to protect their communications and personal information from highly capable adversaries.
Comments
Please log in or register to join the discussion