WhatsApp has begun rolling out a new protection mode designed for those who need to keep their chats secure. at the highest possible level against advanced cyberattacksThis is called "Strict Account Settings," an optional setting that turns the app into a kind of restricted access zone where almost everything from unknown sources is kept out.
This function is specifically aimed at high-risk profiles such as journalists, activists, human rights defenders, or public figuresHowever, any user in Spain or the rest of Europe can activate it if they want to protect their account and protect your contentIn exchange for a slightly less user-friendly experience, the app blocks many of the common methods used by spyware and targeted attacks to infiltrate mobile phones.
What is strict account settings and what changes in WhatsApp?
"Strict account settings" is, in practice, a strict lock mode that groups several advanced security measures into a single sectionInstead of tapping individual options, activating it applies a series of restrictions all at once, tightening the app's behavior.
Once this mode is activated, WhatsApp starts functioning like a high-security zone where only certain content and, above all, known contacts have free reinThis involves reviewing how files, profile visibility, calls, groups, and account security are managed.
Meta presents this tool as a messaging-adapted equivalent to the lock mode that Apple incorporated into the iPhone: prioritizes protection over everyday comfortIt does not replace end-to-end encryption —which remains the foundation of the platform—, but rather complements it by better controlling what enters the device.
The rollout of this new feature is being carried out gradually on a global scale, with expected to arrive over the next few weeks for iOS and Android users in Spain and the rest of EuropeThe option appears within the privacy menu, and each region will receive it on different dates.
Blocking files, links, and calls from unknown numbers
One of the key features of strict blocking mode is managing all incoming calls from numbers not in your contacts. With this setting active, Photos, videos, and documents sent by unknown senders are automatically blocked. before the system processes them.
This change aims to nip in the bud a type of attack that is becoming increasingly common, in which a seemingly harmless multimedia file can hide spyware or banking trojans capable of taking control of the phone by exploiting software vulnerabilitiesBy preventing such content from being processed if it does not come from saved contacts, the attackers' room for maneuver is greatly reduced.
Furthermore, WhatsApp is tightening its handling of messages from new numbers. The system Activate more aggressive filters against large volumes of messages from accounts you don't have saved.This is useful for curbing spam campaigns, phishing attempts, and mass mailings used as bait for malicious payloads.
In the area of ​​calls, the application can Automatically silence incoming calls from numbers that are not in your contactsThis measure aims to reduce both telephone harassment and attempts to deceive users through calls that seek to trick them into clicking links, sharing sensitive data, or installing dubious applications.
A significant change is also being introduced in the way links received via chat are handled: Previews are disabled when strict configuration is active. This prevents the system from loading external resources or executing code that could be exploited by an attacker simply to generate a preview.
Changes to profile privacy, presence, and group management
Strict lock mode is not limited to files: it also modifies What information about you can others see within WhatsAppThe visibility of data such as last seen time, online status, profile picture, or the "Info" section becomes more restricted. Additionally, it's advisable to review system controls, such as the privacy controls from the manufacturer, to complement these protections.
With this configuration, those details can only be accessed for your contacts or, if you adjust it so, for an even smaller list of trusted peopleThe idea is to make it more difficult for a third party to monitor your schedules, usage patterns, or use your image and data to impersonate you.
The feature also tightens how you can be added to groups. By default, only Known contacts—or a very select list that you define—have permission to include you in new groupsThis is intended to prevent the sudden appearance of suspicious group chats, a common tactic used to spread misinformation, launch coordinated scams, or distribute dangerous links.
Simultaneously, account security notifications are reviewed. With strict mode active, Security alerts regarding key changes and encryption are activated and blocked.so that the user receives alerts if a sensitive change occurs in the session or on the linked devices.
WhatsApp complements this approach by recommending the use of End-to-end encrypted backups for those who store their chats in the cloudBy combining secure backups with strict configuration, exposure is reduced both within the phone and on external services where data is stored.
Two-step verification and locking of sensitive settings
Another key component of strict lock mode is enhanced authentication. By enabling "Strict Account Settings," Two-step verification is automatically enabledadding an additional code that is required to register the account on a new device.
With this barrier, even if someone manages to get hold of your phone number or intercepts an SMS, You won't be able to move your account to another mobile without knowing that second code.For highly targeted profiles, this detail can make all the difference when attempting to hijack an account to spy on conversations or impersonate someone.
Strict mode also locks certain parameters to their most conservative version. Some security options remain disabled. forced at the most restrictive level, preventing them from being deactivated without going through the specific menuThis makes it more difficult for an attacker with limited access to the device to relax the settings without the user noticing.
In everyday life, this translates into a more controlled experience, in which The application behaves much more cautiously in the face of any change in environment.Attempts to log in on other devices, changes to privacy settings, and actions that affect encryption generate more warnings and require more confirmation steps.
This entire set of measures pursues a simple objective: increasing the cost and difficulty of executing a successful attack against an account protected with this modeIt doesn't eliminate the risk completely, but it forces attackers to work much harder or seek less protected targets.
How to activate strict lock mode on your mobile phone
"Strict account settings" are not enabled by default. To activate this enhanced security profile, you must access the app's settings menu and follow a specific path. Generally speaking, the process is as follows: WhatsApp settings > Privacy > Advanced > Strict account settings.
Once inside that section, the user can activate or deactivate strict lock mode as needed. The company emphasizes that It is an optional feature designed for higher-risk situationsTherefore, each person can decide whether it is worthwhile to keep it always on or to use it only at specific times.
It is important to keep in mind one practical limitation: This configuration can only be managed from the main deviceIt is not possible to activate, modify, or deactivate it from WhatsApp Web or from the desktop applications linked to the mobile device. This is to prevent unauthorized remote changes if someone gains access to a computer where a session is open.
The feature rollout began in late January and It is being released gradually to iOS and Android users worldwideIn Spain and other European countries, it may take a few days or weeks to appear, depending on the app's update rate and the region.
Anyone who decides to try it will quickly notice that The flow of messages, files, and calls from unknown numbers is drastically reducedSome common interactions become slower or require extra steps, but in return the attack surface narrows considerably.
A mode designed for spyware attacks and targeted campaigns
The context in which this new development arrives is marked by an increase in attacks using spyware and advanced surveillance toolsMany of these attacks target very specific objectives. It's no longer just about mass scams, but about campaigns in which a specific file is prepared to exploit a particular vulnerability.
In these types of scenarios, the exploit only needs to be triggered when the phone receives and processes a video, image, or document in a specific format. That's why WhatsApp decided to focus on directly cutting file input from unsaved numbersthus reducing the chances of a "Trojan horse" sneaking in without the user doing anything seemingly unusual.
The company mentions the following groups as particularly exposed to journalists, activists, human rights defenders and other public figuresThese individuals often handle sensitive information, work in delicate environments, or are under focused surveillance, making them more likely to be targeted by carefully designed attacks.
The role of strict lock mode, in this environment, is to put more technical obstacles in the way of those who try to exploit zero-day vulnerabilities or very specific software errorsIf an attacker knows that their files won't even be processed unless they manage to become a contact of the target, they are forced to look for other ways.
Even so, the company itself acknowledges that Absolute security does not existWhat you can do is close as many doors as possible, combine these types of tools with good usage practices, and be attentive to anomalous device or account behavior.
Rust and the internal changes that bolster security
Alongside the introduction of strict blocking mode, WhatsApp is undergoing a less visible but relevant transformation: Part of its internal code is being rewritten in Rust, a programming language known for its memory safety guarantees. This strategy complements broader measures for strengthen Android security.
Many advanced attacks against applications and operating systems are based on memory management errors, such as buffer overflows or unauthorized access to data areasRust incorporates built-in mechanisms that prevent many of these errors during the development phase, reducing the possibility of exploitable "holes".
By processing photos, videos, and other content using components written in this language, The app becomes more resistant to attempts to execute malicious code by exploiting bugs in file handling.To the user everything looks the same, but underneath the structure is less fragile against complex exploits.
Meta explained on its engineering blog that this effort is part of a broader strategy, which combines Visible adjustments for the user with profound changes in the internal architectureThe goal is to raise the bar for overall safety without requiring the average user to master technical concepts.
This approach fits with a scenario in which The boundary between what happens on the device and what happens on the servers is becoming increasingly blurred.Strengthening both sides — the local code and the configuration options — helps to better contain the damage if a vulnerability appears or a massive attack campaign is detected.
Who should activate strict lockdown mode and when does it pay off?
Not all users need to have "Strict Account Settings" permanently enabled. For many people, WhatsApp's standard protections—encryption, privacy controls, and basic verifications—may be sufficient. In day to day.
This mode is designed, above all, as an additional layer for high-risk profiles or for particularly delicate momentsIt can be useful, for example, for journalists covering sensitive topics, people traveling to countries with heavy digital surveillance, users who suspect they are being targeted by hacking attempts, or those who manage highly confidential information from their mobile phones.
Activating it involves making certain sacrifices: Fewer messages and files are received from unknown senders; there are more filters and more verification steps. And its presence within the app becomes more discreet. Some tasks that were previously automatic may require additional confirmations.
In Europe, where both authorities and cybersecurity agencies have long warned of the increase in scams and attacks targeting mobile phones, These types of tools are presented as an interesting complement to classic advice. (Do not click on suspicious links, keep your system updated, use strong passwords, etc.).
For those who decide to use it, strict lock mode offers a more controlled messaging environment, in which the risk of a dangerous file or a suspicious call escalating into something serious is significantly reduced, at the cost of a somewhat more rigid experience but one more aligned with a high-threat scenario.
