WhatsApp is rolling out new security features aimed at protecting users who may be targeted by sophisticated cyber attacks, such as journalists, public figures, and other high-risk individuals. The new "Strict Account Settings" mode offers a lockdown-style layer of protection for WhatsApp accounts, allowing users to tighten their privacy.
WhatsApp already provides end-to-end encryption by default for personal messages and calls, ensuring conversations remain private. In a post published by Meta, the company explained that it is continually adding new security measures, particularly for the small subset of users who may face advanced threats. The introduction of Strict Account Settings reinforces WhatsApp’s broader privacy posture, which the platform has previously defended in court, warning it would leave India rather than comply with orders that could compromise message encryption.
This is particularly relevant given recent security concerns: Google Project Zero recently highlighted a WhatsApp Android vulnerability involving malicious media files delivered through group chats, files that would download automatically without user interaction unless advanced chat privacy or media auto-download was disabled, underscoring how quickly attackers can exploit the app"s most commonly used features. The vulnerability also highlighted how WhatsApp’s ubiquity makes it an attractive target for attackers, and why additional safeguards are increasingly necessary.
Strict Account Settings locks an account into the most restrictive privacy configurations. Once enabled, the feature automatically blocks attachments and media from unknown contacts, silences calls from unfamiliar numbers, and limits additional settings that could expose a user to risk. While this may reduce some of the app’s functionality, it is designed to provide maximum protection for those who need it.
The feature will be available in WhatsApp’s settings under Privacy > Advanced, and is expected to roll out globally in the coming weeks. Meta described it as part of a broader effort to shield users from the most sophisticated cyber threats.