WhatsApp has introduced “Strict Account Settings”, an optional security feature that combines multiple privacy controls under a single toggle. The feature, which began rolling out this week, is designed primarily for users who face sophisticated cyberattack risks (journalists, activists, and public figures) though it’s available to anyone seeking enhanced protection.
What Strict Account Settings Actually Do
Think of it as a lockdown mode for your WhatsApp account. Once enabled, the feature restricts last seen and online status, profile photos, and account details to contacts only, limits who can add users to groups, disables link previews, blocks high-volume messages from unknown accounts, turns on security code change notifications, and enables two-step verification by default.
The most significant change involves how your account handles unknown contacts. Attachments and media from people not in your contacts are blocked, reducing the risk of receiving harmful files disguised as normal images, videos, or documents. Calls from unknown numbers are automatically silenced, cutting off another common attack vector.
The Trade-Off Between Security and Convenience
There’s a catch: individual features cannot be toggled off once the main setting is enabled. It’s an all-or-nothing approach that prioritises security over flexibility. This means users accepting the lockdown must commit to a more restrictive WhatsApp experience across the board.
The feature limits everyday functionality in exchange for protection. Your account becomes significantly more private, but you lose conveniences like seeing when contacts are online or previewing links before clicking them. For most users, this trade-off won’t make sense. For those facing genuine threats, it might be essential.
How It Compares to Similar Features
The feature is similar in spirit to Apple’s Lockdown Mode for iPhone, aimed primarily at users who face targeted threats. It follows a growing trend of tech companies offering extreme security options for high-risk individuals. Google recently rolled out Advanced Protection Mode on Android with comparable restrictions.
What sets WhatsApp’s approach apart is its integration with the platform’s existing end-to-end encryption. The company positions Strict Account Settings as an additional layer on top of encryption that’s already enabled by default, rather than a replacement for it.
Enabling the Feature
Users can activate Strict Account Settings by navigating to Settings > Privacy > Advanced on iOS or Android devices. The option isn’t available on WhatsApp Web and must be managed from your primary phone. The feature is rolling out gradually over the coming weeks, so not all users will see it immediately.
To disable it, users follow the same path and toggle it off from the Advanced menu. The company hasn’t indicated whether there will be any cooldown period between enabling and disabling the feature.
The Bigger Security Picture
Beyond Strict Account Settings, WhatsApp announced it has implemented Rust, a programming language known for memory safety, to replace legacy security libraries. This behind-the-scenes change aims to protect against sophisticated attacks like spyware, though users won’t notice any functional difference.
The timing of these announcements is notable. Last week, a lawsuit filed in San Francisco federal court alleged that WhatsApp’s end-to-end encryption claims are misleading. While WhatsApp hasn’t directly connected the new feature to this lawsuit, the rollout addresses ongoing questions about platform security for vulnerable users.
For the vast majority of WhatsApp’s billions of users, this feature will remain irrelevant. But for those who genuinely face targeted threats, it represents a meaningful enhancement to the platform’s security toolkit, provided they’re willing to accept the limitations that come with it.
