WhatsApp has begun rolling out a new lockdown-style security feature called “Strict Account Settings” designed to protect users from advanced threats and unwanted contact. According to the company:
This lockdown-style feature bolsters your security on WhatsApp even further with just a few taps by locking your account to the most restrictive settings like automatically blocking attachments and media from unknown senders, silencing calls from people you don’t know, and restricting other settings that may limit how the app works.
Strict Account Settings will be made available progressively through app updates and can be activated via Settings → Privacy → Advanced once visible on a user’s device. Meta has emphasized that this mode is optional and intended for those who require maximum privacy and protection beyond the default settings.
When enabled, Strict Account Settings applies a series of stringent restrictions that significantly reduce interaction vectors that attackers commonly exploit. These include blocking all media and attachments from contacts not in the user’s address book, silencing calls from unknown numbers, and disabling link previews, steps that narrow the attack surface for malicious content delivery and social engineering exploits.
In addition, the feature limits visibility of sensitive profile elements such as profile photo, “last seen,” and “About” information to contacts only, and automatically enforces two-step verification and secured invite handling, reducing opportunities for impersonation or account takeover. These protections go further than WhatsApp’s baseline privacy choices and align with “lockdown” protections seen in other platforms.
Security specialists note that this rollout puts WhatsApp alongside other major platforms that offer enhanced defenses for high-risk users. For example, Apple’s Lockdown Mode for iOS and macOS and Google’s Advanced Protection Program for Android are both designed to limit code execution paths and external input vectors that could be abused by sophisticated malware or state-level spyware.
While WhatsApp maintains that end-to-end encryption remains intact for all chats and calls, the company acknowledged that a subset of users may need additional safeguards against targeted threats that rely on more than encrypted messaging.
Meta has defended WhatsApp’s security pedigree, noting that the company has previously taken action against commercial spyware toolkits and has continuously rolled out improvements to secure communications. However, as threat actors evolve and attackers target users beyond casual nuisance spam, lockdown-style settings offer a practical line of defense.
Security researchers have welcomed the feature, with some calling it a “sensible option for users who need it most.” Experts say restricting incoming content and limiting unknown contact interaction can significantly reduce vectors for phishing, malware distribution, and unauthorized entry attempts that often start through deceptive multimedia or unsolicited calls.
Users with Strict Account Settings enabled may find that normal interactions with new contacts are restricted, and functions such as group invites from unknown parties may be limited. But defenders argue that for high-risk users, the security benefits far outweigh the inconvenience.
As WhatsApp put it:
WhatsApp has a strong track record of being loud when we find issues and working to hold bad actors accountable. For example, WhatsApp reports CVEs for important issues we find in our applications, even if we do not find evidence of exploitation. We do this to give people on WhatsApp the best chance of protecting themselves by seeing a security advisory and updating quickly.
Strict Account Settings will appear gradually as part of WhatsApp’s ongoing updates and is expected to roll out globally over the coming weeks. The company said it will continue refining the feature based on user feedback and evolving threat trends, reinforcing its broader commitment to safeguarding private communications in the face of increasingly capable adversaries.