WhatsApp rolls out ‘Strict Account Settings’ for high-risk users

WhatsApp has introduced a new security-focused feature called Strict Account Settings, aimed at users who face heightened digital security risks, including journalists, activists, political figures and other public-facing individuals who are often targeted by sophisticated cyber attacks. The new mode automatically applies the platform’s most restrictive privacy and safety controls, strengthening defences against spyware, phishing attempts and malicious exploits.

The feature is designed for users who may not have the time or technical knowledge to manually adjust multiple privacy settings. By enabling Strict Account Settings, WhatsApp applies a preconfigured bundle of protections that significantly limit how the app interacts with unknown or potentially harmful sources, while continuing to preserve the platform’s core promise of private communication.

What Strict Account Settings does

Strict Account Settings focuses on reducing attack surfaces that are commonly exploited in targeted cyber intrusions. Once enabled, the mode blocks attachments and media files sent by unknown contacts, a frequent entry point for spyware and malware. It also tightens permissions related to account interactions, reducing the chances of malicious content being automatically downloaded or executed on a user’s device.

In addition to limiting media handling, the feature enforces stricter controls on how accounts can be contacted or interacted with, especially by people outside a user’s existing network. These restrictions are intended to minimise exposure to suspicious messages, links and files that are often disguised as legitimate communication.

WhatsApp has positioned the feature as an “extra layer” of protection rather than a replacement for existing privacy tools. Users who enable Strict Account Settings can still customise certain preferences, but the default configuration prioritises maximum security over convenience.

Who the feature is meant for

According to WhatsApp, the new mode is specifically targeted at users who face elevated digital threats due to the nature of their work or public visibility. Journalists, human rights defenders, lawyers, opposition politicians and civil society organisers are among the groups most frequently targeted by advanced surveillance tools, including commercial spyware.

While the feature is available to all users, WhatsApp has emphasised that Strict Account Settings is particularly useful for those who believe they may be under targeted surveillance rather than random cyber threats. These users often face highly customised attacks that bypass traditional security measures, making proactive and restrictive controls essential.

At the same time, WhatsApp noted that everyday users concerned about privacy can also benefit from enabling the mode, especially if they frequently receive messages from unknown contacts.

How to enable Strict Account Settings

Strict Account Settings can be turned on through WhatsApp’s Privacy section, under Advanced settings. The company said the feature will be rolled out gradually over the coming weeks, meaning it may not appear immediately for all users.

Once enabled, the changes take effect automatically, without requiring additional configuration. WhatsApp has stated that the rollout will be global and will apply across supported devices, ensuring consistency in security protections regardless of location.

Built on end-to-end encryption

WhatsApp said the new feature builds on its long-standing end-to-end encryption framework, which ensures that messages, calls and shared media remain accessible only to the sender and recipient. Even WhatsApp itself cannot read or listen to these communications.

Strict Account Settings does not weaken encryption or introduce any form of content monitoring. Instead, it complements encryption by preventing potentially harmful content from reaching a user in the first place. This layered approach reflects a broader industry shift towards combining strong cryptography with preventative security measures.

The company reiterated that private conversations remain protected both online and in person, reinforcing its position that user privacy is central to the platform’s design.

Strengthening infrastructure with Rust

Alongside the new feature, WhatsApp revealed that it has strengthened its underlying security infrastructure by deploying Rust, a modern programming language known for its strong memory safety guarantees. Rust helps reduce vulnerabilities that are commonly exploited by spyware and malicious code, particularly those related to memory corruption.

By migrating critical components to Rust, WhatsApp aims to minimise the risk of zero-day exploits that can be used to compromise devices without user interaction. This move aligns with a wider trend in the tech industry, where major platforms are increasingly adopting memory-safe languages to improve baseline security.

WhatsApp said this backend shift is not directly visible to users but plays a crucial role in protecting accounts from sophisticated attacks that operate below the application layer.

Growing focus on high-risk user safety

The introduction of Strict Account Settings comes amid growing scrutiny of commercial spyware and digital surveillance practices worldwide. Investigations over the past few years have revealed how advanced tools are used to target journalists, activists and political opponents, often through messaging platforms.

By offering a dedicated high-security mode, WhatsApp is signalling a more proactive stance in protecting vulnerable users. The company has previously introduced features such as disappearing messages, chat lock and advanced privacy controls, but Strict Account Settings represents a more consolidated and automated approach.

Conclusion

Strict Account Settings marks a significant step in WhatsApp’s evolving security strategy, particularly for users facing targeted digital threats. By combining restrictive default controls, strong encryption and a more secure technical foundation powered by Rust, the platform aims to make advanced protection more accessible. As cyber attacks grow more sophisticated, features like this may become essential tools for safeguarding private communication in an increasingly hostile digital environment.