WhatsApp is reportedly developing a new security feature designed to protect users from targeted cyberattacks. The feature, called Strict Account Settings, was discovered in the code of WhatsApp beta for Android version 2.25.33.4 by feature tracker WABetaInfo. This upcoming tool aims to provide a centralised way for users to quickly enable multiple advanced security and privacy protections with a single toggle, eliminating the need to manually adjust various settings across the app. The feature is still under development and not yet available for testing, even for users running the latest beta version from the Google Play Store. While no official release date has been announced, its discovery suggests that WhatsApp plans to include this security mode in a future Android update. The Strict Account Settings feature is expected to automatically activate several key protections when enabled. These include IP address masking during calls, blocking media and file attachments from unknown senders, disabling link previews to prevent data leaks, muting calls from unsaved numbers, and restricting group chat invitations. Additionally, the mode will limit profile visibility to contacts only and enable two-step verification by default. Security notifications will also alert users when a contact's encryption code changes, allowing them to verify conversation authenticity. WhatsApp is also working on another feature that limits the number of messages users can receive from unknown accounts. This aims to reduce spam and unwanted messages by detecting high volumes of activity from unfamiliar senders. The Strict Account Settings mode will be optional and targeted at users who face advanced cyber threats, while existing encryption and security measures will continue to protect all accounts by default. The feature reflects WhatsApp's ongoing efforts to enhance user safety in an increasingly digital world where cyberattacks are becoming more sophisticated.
What Is Strict Account Settings Mode on WhatsApp
The new lockdown-style mode called Strict Account Settings was spotted in the code for WhatsApp beta for Android 2.25.33.4 by feature tracker WABetaInfo. Though present in the latest beta version available on the Google Play Store, the feature remains inactive and unavailable for testing as it is still in development. The upcoming mode is designed to let users apply stricter security settings with a single toggle, providing greater control and reducing the need to manually adjust multiple privacy options. This feature is aimed at boosting account security for users who may be vulnerable to targeted cyberattacks. While there is no word on an official release date, the discovery of this mode in the beta code suggests that WhatsApp intends to include it in a future Android update. The feature represents a significant step in simplifying security management for users who require enhanced protection. By consolidating various security measures under one toggle, WhatsApp aims to make advanced protection more accessible and easier to manage. This is particularly important for users who may not be aware of all available security settings or who need to quickly enable comprehensive protection due to heightened security risks.
Automatic IP Address Protection During Calls
One of the key features of the Strict Account Settings mode is IP address protection during calls. When this mode is enabled, WhatsApp will route all voice and video communications through its servers instead of using direct peer-to-peer connections. This prevents potential tracking based on location data, as the user's IP address will not be exposed to the other party during calls. This measure is particularly important for users who may be at risk of being tracked or targeted based on their location. By masking the IP address, WhatsApp adds an additional layer of privacy that can help protect users from sophisticated attackers who might attempt to determine their physical location through call metadata. The feature addresses a known privacy concern where IP addresses can sometimes be used to identify approximate geographical locations. For users facing security threats, this automatic protection removes the need to worry about potential tracking during routine communications. The routing through WhatsApp's servers ensures that calls remain secure while maintaining call quality and functionality.
Blocking Media and Files From Unknown Senders
The Strict Account Settings mode will automatically block media and file attachments from unknown senders, according to the feature tracker. This prevents the automatic download of photos, videos, or documents that could potentially carry malware or phishing links. When this protection is active, communication with unknown accounts will be limited to text messages only, significantly minimising exposure to potential security risks. This feature is particularly valuable in protecting against zero-click attacks, where malicious code can be executed simply by receiving a file without any user interaction. By restricting media reception to known contacts only, WhatsApp creates a barrier against one of the most common vectors for malware distribution and social engineering attacks. The measure ensures that users cannot accidentally download harmful content from unfamiliar sources, even if the files appear legitimate. This automatic blocking removes the burden of constantly making security decisions about incoming media, providing peace of mind especially for users who may be targeted by sophisticated attackers. The restriction to text-only communication with unknown senders allows users to maintain some level of interaction while significantly reducing security risks.
Link Preview Protection Against Data Leaks
WhatsApp reportedly plans to integrate an option to disable link previews in chats as part of the Strict Account Settings mode. The app usually generates previews by connecting to linked websites, which can potentially expose a user's IP address and other metadata. With this setting turned on, link previews will not appear in conversations, reducing the risk of indirect data leaks or tracking attempts. Although this option is already available in WhatsApp's privacy settings, including it as part of the strict security mode ensures consistent and automatic protection for high-risk users. The link preview feature, while convenient for normal users, can create security vulnerabilities for those facing targeted threats. By automatically disabling this functionality when strict mode is enabled, WhatsApp removes another potential avenue for tracking and data collection. The measure prevents situations where simply receiving a message containing a link could expose information about the recipient. This protection is particularly relevant for users who may be targeted by sophisticated actors who can leverage even small amounts of metadata to build profiles or track individuals.
Call and Group Chat Restrictions
The strict security mode on WhatsApp is expected to automatically mute calls from unsaved numbers, helping prevent spam, scams, and zero-click attack attempts. This feature adds a layer of protection by ensuring that only calls from known contacts can reach the user directly. Additionally, the mode will reportedly limit who can add users to group chats, allowing only saved contacts to send group invitations. This prevents unwanted additions to group conversations that could potentially expose users to spam or malicious content. These restrictions work together to create a more controlled communication environment where interactions are limited to trusted contacts. For users facing security threats, reducing exposure to unknown numbers and unwanted group additions significantly decreases the attack surface available to potential threat actors. The automatic muting of calls from unsaved numbers prevents interruptions and potential social engineering attempts, while group chat restrictions ensure users maintain control over their conversation spaces. These features are particularly important for preventing mass spam campaigns and targeted harassment attempts that often exploit the ease of adding users to groups or calling unknown numbers.
Profile Privacy and Visibility Controls
Under the Strict Account Settings mode, profile details such as photo, status, and the last seen timestamp will reportedly be restricted to contacts only. This automatic privacy setting prevents unknown users from viewing personal information that could be used for profiling or social engineering attacks. By limiting profile visibility, WhatsApp helps protect users from unwanted attention and potential targeting based on their online presence and activity patterns. This measure is particularly important for users who may be targeted by sophisticated actors who gather information from multiple sources to build detailed profiles of their targets. The restriction of profile information to contacts only creates a more private communication environment where users can control who has access to their personal details. This automatic setting removes the need for users to manually configure multiple privacy options, ensuring comprehensive protection is applied consistently. The feature recognises that even seemingly innocuous information like profile photos or status updates can be valuable to attackers attempting to gather intelligence or launch social engineering campaigns. By making this protection automatic within strict mode, WhatsApp simplifies privacy management while ensuring robust protection.
Two-Step Verification and Security Alerts
Two-step verification will be enabled by default when users activate the Strict Account Settings mode, according to WABetaInfo. This adds a PIN-based authentication layer to prevent account hijacking or identity theft. Users will be required to enter their personal identification number when registering their phone number with WhatsApp again, providing an additional barrier against unauthorised access. Security notifications will also alert users when a contact's encryption code changes, allowing them to verify the authenticity of conversations and ensure they are communicating with the intended recipient. These combined features create a comprehensive authentication system that significantly enhances account security. The automatic enablement of two-step verification removes the risk of users forgetting to activate this crucial protection, while security notifications provide ongoing monitoring of potential security changes. The encryption code change alerts are particularly valuable for detecting potential man-in-the-middle attacks or unauthorised access attempts. Together, these features ensure that users maintain control over their accounts and can verify the security of their communications, which is essential for those facing targeted threats.
Optional Protection for High-Risk Users
WhatsApp's new Strict Account Settings mode will be optional and aimed at users facing advanced cyber threats, the feature tracker noted. While existing encryption and security measures will continue to safeguard all accounts by default, this additional mode provides an extra layer of protection for those who require it. The optional nature of the feature ensures that users who do not face heightened security risks can continue using WhatsApp with its standard settings, while those who need enhanced protection can activate the strict mode with a single toggle. This approach recognises that different users have different security needs and threat profiles. By making the feature optional, WhatsApp avoids imposing restrictions that might impact usability for the majority of users while still providing robust protection for those at risk. The comprehensive protection system created by these features ensures privacy, safety, and account integrity for high-risk users without compromising the user experience for general users. WhatsApp is also working on another feature that limits messages from unknown accounts to further reduce spam and unwanted communications by detecting high volumes of activity from unfamiliar senders, improving overall communication safety.
Source: Link