A new layer of protection is gradually rolling out to all WhatsApp users starting in January 2026. The company announced a set of strict account settings designed to be activated with a single tap, offering a robust block against sophisticated cyberattacks, such as those carried out through spyware and targeted phishing campaigns.
The measure aims to strengthen the security of vulnerable profiles, including journalists, human rights activists and public figures, who are often targets of digital surveillance. Enabling the feature centralizes and applies the most restrictive privacy options available on the platform, eliminating the need for complex and time-consuming manual configurations by the user.
The distribution of the new functionality will occur progressively on a global scale over the next few weeks. The update will be applied directly to the server, not requiring users to download a new version of the application or perform specific updates on their operating systems, whether Android or iOS.
What changes with the new protection activated
By enabling strict settings, WhatsApp transforms the experience of interacting with unknown contacts, creating a protective barrier without affecting conversations with numbers already saved in the address book. The most significant change is the automatic blocking of receiving any type of media file, such as photos, videos, documents and audio, sent by people outside the contact list. Essa action neutralizes one of the most common vectors for the spread of malware. Adicionalmente, voice and video calls from unknown numbers are silenced and routed through WhatsApp servers, a technical measure that prevents the exploitation of direct connection vulnerabilities, known as zero-click attacks. Outra crucial change is the deactivation of link previews, which no longer display thumbnails and can hide malicious code. The system also prevents users from being added to groups by administrators who are not in their contact list and makes it mandatory to activate two-step verification, requiring a PIN to register the account on a new device, protecting against account theft via chip cloning or access to SMS codes.
How to enable the new security feature
The process to activate this extra layer of security was designed to be simple and quick, focused exclusively on the mobile application on the user’s main device. The first step is to open WhatsApp and access the “Settings” menu, usually located in the top or bottom right corner of the screen, depending on the operating system.
Within the settings menu, the user must select the “Privacy” option. Nesta section, a new area called “Advanced” will be visible. When you tap on it, the “Strict account settings” option will be presented, accompanied by a button for immediate activation.
To confirm the action, the application will ask for a final confirmation. Once confirmed, all restrictions are instantly applied account-wide. WhatsApp will display a brief summary of the new protections that have been enabled to ensure the user is aware of the changes.
It is important to highlight that the functionality is fully reversible. Caso the user decides to disable protection, just follow the same path in the settings menu and disable the feature. The user experience with contacts saved in the calendar remains completely unchanged.
Focus on sophisticated cyber threats
The creation of this tool directly responds to the increase in digital attacks that use commercial spyware, such as those developed by companies specializing in surveillance. Essas tools are often used to monitor the communications of specific targets, exploiting unknown vulnerabilities in applications to install spy software without the victim noticing. By restricting interactions with strangers, WhatsApp drastically reduces the “attack surface”, which is the set of entry points that an attacker can exploit.
The new settings are particularly effective against infection methods that depend on some interaction, even if minimal, from the target, such as receiving a call or receiving a file. Routing calls through Meta servers, for example, masks the user’s IP address, making it difficult for attackers to identify the victim’s location and network, a crucial step in many targeted attacks. Security code change notification, which alerts contacts when an account is reinstalled, also serves as an alert to possible attempts to intercept communications.
Details of restrictions for unknown numbers
With the new functionality activated, interaction with numbers that are not in the user’s phonebook is profoundly modified. Media blocking is total, preventing photos, videos or documents from reaching the device, which prevents the execution of malicious files that may be disguised as legitimate content.
Voice and video calls from strangers will not ring on the device, but will only be silently registered in the missed calls list. Essa approach prevents interruptions and, more importantly, prevents attacks from exploiting the calling protocol to break into the device before the call is even answered.
The impossibility of being added to groups by unknown administrators directly combats the practice of mass spam and social engineering attempts carried out on a large scale. Essa measure ensures that the user has full control over the groups in which they participate, avoiding exposure to fraud and misinformation.
Availability and usage guidelines
The rollout of the strict settings tool is global, but its appearance on users’ devices will be gradual. The company has not established a fixed schedule per country, as the release depends on internal update cycles. It is recommended that users periodically check the privacy section in their settings.
For professionals working in risky areas, such as investigative journalism, activism or politics, activating the feature is strongly recommended as soon as it becomes available. The protection offered can be a crucial differentiator in preventing digital surveillance and espionage, without compromising essential communication with trusted sources and contacts.
Advantages for the everyday user
Although the main focus is protection against advanced threats, any user can benefit from the new functionality. Enabling strict settings provides additional peace of mind by protecting against the common scams, spam, and unwanted contact attempts that have become frequent on the platform.
The main advantage is convenience. Instead of navigating multiple screens and individually adjusting who can see profile photo, status, and last seen status, the new feature applies the most secure restrictions all at once, simplifying digital privacy management for everyone.
The importance of two-step verification
Mandatory two-step verification, enforced by activating strict mode, is one of the most effective defenses against account theft. By requiring a user-created six-digit PIN every time the phone number is registered on a new device, WhatsApp prevents criminals from taking control of the account even if they manage to intercept the verification code sent via SMS.