These special phone and app features can help protect you from spyware

Spyware and adware assaults on journalists, human rights defenders, and political dissidents are not uncommon or unique. In early 2025, WhatsApp notified roughly 90 users — a lot of them journalists and civil society members throughout Europe — that they’d been focused by Israeli spyware and adware firm Paragon Options. Months later, Apple despatched risk notifications to a brand new group of iOS customers; forensic evaluation confirmed two of them, each journalists, had been hit with Paragon’s Graphite spyware and adware utilizing a zero-click assault, that means they didn’t even need to faucet a hyperlink to be compromised. These aren’t remoted incidents. They’re the norm.

For the final 15 years, safety researchers have documented numerous instances the place authorities hackers have focused and efficiently compromised journalists, human rights defenders, critics, and political opponents. 

These assaults depend on costly, subtle, and stealthy instruments that permit their operators to hack into and set up spyware and adware on computer systems, however particularly smartphones, which maintain just about all the knowledge about an individual’s day by day life. 

Spyware and adware offers its operators just about full entry to the goal’s machine and knowledge. Authorities spies can report telephone calls, steal chat messages, entry photographs, and change on the machine’s digital camera and microphone to report ambient sound and report close by conversations. Spyware and adware additionally usually tracks an individual’s real-time location.

In response to those assaults, tech giants now present their customers with higher defenses. Particularly, Apple, Google, and Meta provide opt-in options particularly designed to counter focused spyware and adware assaults. 

Typically talking, these options add additional safety, generally by turning off or limiting some common options. It’s a tradeoff, however having used these myself for a very long time, I’ve by no means discovered them to be too onerous or annoying to make use of. 

Tech corporations, safety researchers who’ve studied spyware and adware for years, and we at TechCrunch, suggest that you just use these options should you suspect it’s possible you’ll be a goal of presidency surveillance due to who you’re or what you do. Even should you’re not, these security measures will preserve your knowledge higher shielded from coming into the incorrect arms. 

No safety measure is ideal, and it’s a relentless effort to maintain safety flaws at bay. Spyware and adware makers discover new methods to hack into telephones and providers, then software program makers be taught from these assaults and reply. Rinse and repeat. 

However that doesn’t imply these options usually are not price utilizing. Quite the opposite; these options have been confirmed efficient. 

“These options are free, simple to allow, and the very best protection now we have as we speak towards subtle spyware and adware,” stated Runa Sandvik, a safety researcher who has labored to guard journalists and different at-risk communities for greater than a decade. “If the options get in the way in which of one thing you’ll want to do, you possibly can simply flip them off once more — that means it prices little or no to show them on and take a look at them out.”

Right here’s a recap of those options, and easy methods to change them on. 

Apple’s Lockdown Mode

Apple’s Lockdown Mode is accessible on all Apple gadgets, together with iPhones. Apple says that when Lockdown Mode is enabled, “your machine gained’t operate prefer it usually does.” In trade for this inconvenience, your machine can be safer. 

There may be proof that Lockdown Mode has helped previously. Citizen Lab discovered that Lockdown Mode stopped one spyware attack carried out with NSO Group’s Pegasus software program. As lately as March, Apple stated it has never detected a profitable assault on an Apple machine with Lockdown Mode enabled.

That is what Lockdown Mode modifications in your machine whenever you flip it on:

• Attachments acquired on iMessage aside from some photos, video, and audio are blocked by default.
• Hyperlinks and previews in iMessage are blocked and seem as non-linked internet addresses. (You may copy and paste the hyperlinks into Safari or one other browser in order for you.)
• Fonts, some photos, and a few internet applied sciences are blocked when shopping in Safari.
• Incoming FaceTime calls are blocked should you haven’t contacted that individual earlier than or within the final 30 days. 
• Display sharing, content material sharing over SharePlay, and Dwell Pictures are unavailable.
• Incoming invites for Apple providers are blocked until you might have beforehand invited that individual.
• The Focus function “and any associated standing is not going to work as anticipated.”
• Sport Heart is disabled.
• Location data is stripped whenever you share photographs. 
• “Shared albums are faraway from the Pictures app, and new Shared Album invites are blocked.”
• That you must unlock your machine to attach it to an adjunct or a pc. When connecting a Mac with Apple-made processors to an adjunct, the pc must be unlocked and you must approve the connection along with your passcode.
• You may’t join routinely to open or public Wi-Fi networks, and you’ll be disconnected from any non-secure Wi-Fi networks that you just beforehand related to earlier than enabling Lockdown Mode. 
• Your telephone gained’t be capable of hook up with 2G or 3G mobile networks.
• You may’t set up configuration profiles or enroll the machine in a Cell Gadget Administration program.

To modify on Lockdown Mode, go to Settings, then Privateness & Safety, and scroll right down to Lockdown Mode. When you allow the function, your Apple machine will restart. 

I’ve used Lockdown Mode for years. Whereas I observed some web sites being a bit wonky in the beginning, I haven’t observed that shortly. Additionally, you possibly can selectively change off Lockdown Mode for particular web sites and apps, with out disabling the function completely. There are some quirks, however I’ve gotten used to them, too.

Google’s Superior Safety Program

Google launched its Advanced Protection Program in 2017. This function is designed to make your Google account extra resilient towards malicious hackers of all types. 

Superior Safety Program consists of the next options:

• Restricts some third-party providers and apps from accessing your Google account, and solely along with your permission.
• Allows “Deep Gmail Scans,” which scan your incoming emails for phishing assaults and malicious content material.
• Allows Google Secure Looking in Chrome, which warns customers navigating to harmful websites or downloading harmful information. 
• On Android, you possibly can solely set up apps and video games from legit app shops.
• If somebody tries to log into your account, Google takes additional steps to confirm it’s actually you.

To activate Superior Safety, go to its official page and click on “Get Began.” This can immediate you to log into your Google account. Comply with the directions there. 

First, you will want so as to add a bodily safety key (or a software program passkey) as an extra verification issue aside out of your passwords. Additionally, you will want so as to add a restoration telephone and a restoration e mail to your account, or use a backup passkey or safety key. 

Android’s Superior Safety Mode

Launched last year and sure impressed by Apple’s Lockdown Mode, Android’s Advanced Protection Mode brings related defenses to Google’s cellular working system.

Android’s Superior Safety Mode supplies the next security measures:

• Allows Google Play Shield, which guards towards malware and undesirable apps, and checks all apps for “dangerous habits.”
• Apps from unknown sources can’t be put in, and updates from beforehand put in apps from unknown sources can be blocked from working.
• Allows Reminiscence Tagging Extension (MTE) on supported gadgets. MTE is a hardware-enforced function that protects towards sure forms of vulnerabilities. 
• The machine locks routinely if it detects suspicious exercise “indicative of theft,” similar to sudden and quick motion. That is based mostly on knowledge from the machine’s movement sensors, Wi-Fi, and Bluetooth. 
• The machine locks routinely if it goes offline for a protracted interval. 
• The machine routinely reboots if the telephone has been locked for 72 hours, making it more durable to extract knowledge utilizing regulation enforcement instruments designed to unlock telephones, similar to gadgets made by Cellebrite.
• When the machine is locked, USB connections are blocked.
• Google scans for “undesirable and probably dangerous messages.”
• Hyperlinks despatched through the Messages app from unknown customers can be flagged. 
• Connection to 2G networks is blocked.
• Google will establish spam callers. 
• It is possible for you to to display screen incoming calls and decline spam calls routinely. (Accessible solely in certain regions.)
• Allows Android Secure Looking, which protects towards malicious web sites.
• Chrome will routinely implement HTTPS encryption for all websites.
• Some JavaScript capabilities are turned off, lowering the browser’s assault floor for potential weaknesses.
• It’s also possible to allow Intrusion Logging, an non-compulsory function that helps researchers investigate spyware attacks. 

To allow Superior Safety Mode in your Android machine, go to Settings, then Safety and Privateness, and underneath Different Settings, faucet Superior Safety, then faucet Gadget Safety. 

WhatsApp’s Strict Account Settings

WhatsApp is utilized by greater than 3 billion individuals, together with these within the crosshairs of resourceful authorities companies. 

The demand for hacking instruments that focus on WhatsApp is so excessive demand that exploits can cost millions of dollars — and so they work. In 2019, WhatsApp caught a hacking campaign by NSO Group that focused round 1,200 customers. Early final 12 months, WhatsApp caught another spy operation that ensnared round 90 customers in Europe. 

In response, earlier this 12 months, WhatsApp launched Strict Account Settings, an opt-in function that switches on some privateness and safety controls relying on the working system.

On Android and iOS, Strict Account Settings activates the next options:

• Two-step verification.
• Security notifications, which alert customers when a contact has modified their telephone or reinstalled WhatsApp, or if an attacker takes management of their account. 
• Blocks attachments and media (footage and movies) from unknown senders by default.
• Hyperlink previews are turned off.
• Calls from unknown numbers are silenced.
• Your IP deal with is hidden in calls.
• Your profile data and exercise, similar to whenever you have been final seen on-line, your profile photograph, and About data, are hidden from people who find themselves not your contacts or members of a pre-established group. 
• Solely contacts or members of a pre-established group can add you to a gaggle chat.

To modify the function on, use your main machine and go to Settings, then Privateness, then scroll right down to Superior and switch it on.