A new layer of security has been introduced by WhatsApp to protect users against increasingly sophisticated digital threats. The feature, called strict account settings, allows anyone to activate the maximum level of privacy with a single command, simplifying protection against targeted attacks, such as those that use spyware and phishing campaigns to compromise devices.
The tool is designed to create a robust barrier against unknown contacts, drastically limiting the ways potential attackers can interact with the account. Its implementation aims mainly to meet a demand from high-risk profiles, such as journalists, activists and public figures, who are often targets of digital surveillance, but it is available to all users who wish to reinforce their security.
The feature is being rolled out gradually globally from January 2026. Activation occurs directly in the application, without the need for complex operating system updates, ensuring that protection is accessible and easy to implement for the messaging platform’s global user base.
How the new protection barrier works
When activated, the new functionality automatically adjusts a set of privacy options to the most restrictive level possible. Essa centralized approach eliminates the need for the user to navigate through different menus and manually configure each security item such as status visibility, profile photo and read receipts. The user experience with contacts already saved in the phonebook remains unchanged, ensuring that enhanced protection does not interfere with reliable, everyday communications.
The fundamental principle of the tool is to reduce the attack surface, which is the set of vulnerable points that a cybercriminal can exploit. By limiting interactions from unidentified numbers, WhatsApp prevents common attack vectors, such as sending malicious files or using calls to exploit connection flaws, from being effective. Essa proactive measure works as a preventive filter, making the initial stage of any invasion or fraud attempt difficult.
Main restrictions applied to unknown contacts
One of the most significant changes is the complete blocking of receiving media files sent by numbers that are not in the user’s contact list. Isso means that photos, videos, documents and audio messages from unknown sources will not be downloaded, neutralizing a common tactic of distributing malware and spyware disguised as legitimate content.
Voice and video calls initiated by strangers will also be managed differently. Elas are automatically silenced so as not to interrupt the user, although the call record remains in the history. Mais Importantly, these calls are routed through WhatsApp servers, a measure that masks the recipient’s IP address and prevents attackers from using it to identify location or exploit vulnerabilities in the direct connection.
To combat phishing, the feature disables the generation of previews of links sent by unknown contacts. Sem the thumbnail and link summary, reduces the risk of the user being fooled by a visually appealing lure that would lead them to a fraudulent website designed to steal credentials or install malicious software on the device.
The tool also prevents users from being added to groups by people who are not in their contact list. Essa restriction is a direct response to mass spam and social engineering campaigns, where accounts are added to groups without consent to spread misinformation, scams, or dangerous links on a large scale.
Simplified activation in the privacy menu
The process to enable maximum protection is designed to be intuitive and quick. The user must access the “Settings” menu within the WhatsApp application and then select the “Privacy” option. Dentro of this section, there will be a new submenu called “Advanced”, where the functionality will be located.
On the advanced settings screen, the “Strict account settings” option can be activated via a single toggle. Após confirmation, all restrictions are applied immediately, without the need to restart the application or the device. The system is straightforward and does not require prior technical knowledge from the user.
Once protection is activated, the app displays a confirmation screen that summarizes all the privacy changes that have been implemented. The functionality is fully reversible, allowing the user to deactivate it at any time by following the same path, if they decide that the restrictions are no longer necessary for their usage profile.
Focus on protecting high-risk users
The creation of this tool was strongly motivated by the increase in attacks targeting vulnerable groups. Jornalistas investigators, human rights defenders and political dissidents are frequent targets of commercial espionage tools, such as Graphite spyware, which exploits common interactions in messaging apps to infect devices and monitor activity.
By blocking the main entry vectors used by these spy software, WhatsApp offers an essential layer of defense for these professionals. Automatic restrictions make it difficult for spyware operators, who rely on sending files or making calls to exploit security holes and install the surveillance program on the victim’s device.
What changes in the security check
One of the pillars of the new configuration is the mandatory two-step verification. Quando strict protection mode is active, the system requires the user to set a six-digit PIN that will be requested whenever the WhatsApp account is registered on a new device. Essa measure is extremely effective against attempts to steal an account through chip cloning (SIM swap) or improper access to the verification code sent via SMS, as the attacker would also need to know the personal PIN to complete the access. Além Furthermore, the platform reinforces end-to-end encryption transparency mechanisms. The system now more visibly notifies all participants in a conversation if the security code of one of the members changes, an event that may indicate that the account has been reinstalled on another device or that there is a possible attempt to intercept the communication.
Global tool availability
The new security functionality is being rolled out progressively to all users around the world. The gradual rollout ensures that the platform’s infrastructure supports change without instability. Availability is not linked to a specific date per region, but rather to updates to the application itself that will be released over the next few weeks.
Benefits for the common user
While the initial focus is on protecting high-risk targets, anyone can benefit from the new layer of security. Para the average user, activating the feature means greater control over who can contact you, resulting in less spam, scam attempts and unwanted interactions from strangers, which contributes to a safer and smoother user experience.
The main advantage is convenience. The tool consolidates several settings into a single command that would previously need to be adjusted individually. Isso saves time and ensures that no important privacy options are forgotten, offering a complete level of protection with minimal effort and immediately.
