How to Shield Your Phone From Spyware Using Built-In Security Features
Apple, Google, and Meta now offer powerful opt-in security tools designed to defend against targeted spyware. Here's what they do and how to turn them on.
Your Phone Is a Target — Here's How to Fight Back
Spyware attacks are no longer the stuff of spy thrillers. Today, they are a documented, recurring threat faced by journalists, human rights defenders, political activists, and dissidents around the world. In early 2025, WhatsApp alerted approximately 90 users — the majority of them journalists and civil society workers across Europe — that they had been targeted by Paragon Solutions, an Israeli spyware firm. Shortly after, Apple issued threat notifications to another group of iOS users. Forensic investigators confirmed that at least two of those individuals, both journalists, had been infected with Paragon's Graphite spyware through a zero-click exploit — meaning their devices were compromised without them ever tapping a single link.
This is not an anomaly. Security researchers have spent the past 15 years cataloguing case after case in which state-sponsored hackers successfully infiltrated the phones and computers of reporters, critics, and political opponents.
What Spyware Actually Does
The tools used in these attacks are sophisticated, expensive, and engineered to be invisible. Once spyware is installed on a device — and smartphones are the primary target because they contain nearly every detail of a person's life — the attacker gains sweeping access. They can listen to phone calls, read private messages, browse through photos, and silently activate the device's camera and microphone to record conversations. Real-time location tracking is also standard.
Fortunately, the biggest names in tech have responded. Apple, Google, and Meta each offer opt-in security features specifically built to counter these kinds of targeted attacks.
Why You Should Use These Features
These tools do involve some trade-offs. Certain standard device functions may be restricted or disabled when enhanced security modes are active. However, security researchers, tech companies, and cybersecurity journalists widely recommend enabling them — especially if your profession or public profile could make you a person of interest to government surveillance operations.
Even if you don't consider yourself a high-risk target, these features add a meaningful layer of protection that keeps your personal data safer from falling into the wrong hands.
"These features are free, easy to enable, and the best defense we have today against sophisticated spyware," said Runa Sandvik, a security researcher with over a decade of experience protecting journalists and vulnerable communities. "If the features get in the way of something you need to do, you can easily turn them off again — meaning it costs very little to turn them on and try them out."
No security solution is foolproof. Spyware developers constantly search for new vulnerabilities, and software makers continuously patch and adapt in response. But these features have a proven track record.
Apple Lockdown Mode
What It Does
Available across all Apple devices — including iPhones, iPads, and Macs — Lockdown Mode deliberately restricts certain standard functions in exchange for dramatically stronger defenses against advanced threats. Apple acknowledges upfront that the device will not operate as it normally does when this mode is active.
The effectiveness of Lockdown Mode is well-documented. Researchers at Citizen Lab found it successfully blocked a Pegasus spyware attack developed by NSO Group. As of early 2025, Apple has reported no confirmed successful attack on any device running Lockdown Mode.
How to Enable It
Navigate to Settings → Privacy & Security → Lockdown Mode. Toggle it on and your device will restart to apply the changes. You can also whitelist specific websites or apps to operate without Lockdown Mode restrictions, without disabling the feature entirely.
Google Advanced Protection Program
What It Does
Launched in 2017, Google's Advanced Protection Program fortifies your Google account against sophisticated hacking attempts. It introduces stricter login verification, limits which third-party apps can access your account data, and provides enhanced protections against phishing.
How to Enable It
Visit Google's official Advanced Protection page and click Get Started. You will be prompted to sign into your Google account and set up a physical security key or software passkey as a secondary authentication factor. You will also need to provide a recovery phone number, recovery email, or backup passkey to complete enrollment.
Android Advanced Protection Mode
What It Does
Building on the concept pioneered by Apple's Lockdown Mode, Android's Advanced Protection Mode delivers comparable security hardening for Google's mobile operating system. It tightens app permissions, restricts sideloading of unverified applications, and strengthens defenses against malicious exploits.
How to Enable It
Go to Settings → Security and Privacy → Other Settings → Advanced Protection → Device Protection and activate the feature.
WhatsApp Strict Account Settings
What It Does
With more than 3 billion active users worldwide, WhatsApp is an attractive target for intelligence agencies and surveillance firms. In 2019, NSO Group's hacking tools were used against roughly 1,200 WhatsApp users. A similar operation in early 2024 compromised around 90 accounts across Europe.
In response, WhatsApp introduced Strict Account Settings, an opt-in feature that activates enhanced privacy and security controls based on your operating system. These include tighter message link previews, restricted access from unknown devices, and additional account verification steps.
How to Enable It
Open WhatsApp on your primary device and go to Settings → Privacy → Advanced, then toggle on Strict Account Settings.
The Bottom Line
No single security measure offers absolute protection, and the battle between spyware developers and software defenders is ongoing. But the features described above are free, accessible, and proven to be effective. If you work in journalism, activism, law, or any field that could draw government scrutiny, enabling these tools is one of the smartest steps you can take to protect yourself. And if you're simply someone who values privacy, they're worth switching on anyway.
