Meta-owned instant messaging platform WhatsApp has released ‘strict account settings’ − a new security feature to protect users against cyber attacks.
It introduces lockdown-style protections aimed at users who face higher risks of targeted cyber attacks, including journalists and public-facing figures.
According to Statista, WhatsApp has over three billion active users globally.
In a blog post, WhatsApp explains that when enabled, ‘strict account settings’ automatically apply the platform’s “most restrictive privacy and security options”. This includes limiting how the app interacts with unknown users, such as blocking attachments and media from people who are not in a user’s contacts.
The feature is rolling out gradually and can be activated under Settings > Privacy > Advanced, it explains.
The update comes as part of a broader push by WhatsApp to harden its platform against sophisticated malware and spyware attacks.
While WhatsApp already provides default end-to-end encryption for messages and calls, the company says encryption alone does not address all attack vectors.
WhatsApp has also overhauled how media files are handled by adopting the Rust programming language across its media-processing systems. Rust is designed to prevent entire classes of memory-related vulnerabilities that have historically been exploited in messaging apps through malicious images, videos or documents.
The messaging and video calling app says the move follows lessons learned from past large-scale vulnerabilities, including Android’s 2015 “Stagefright” flaw, where crafted media files could compromise devices before users even opened them.
To reduce reliance on operating system patches, WhatsApp rewrote its core media consistency library in Rust; the library was previously written in C++. The new implementation replaces roughly 160 000 lines of C++ code with about 90 000 lines of Rust, while improving performance and reducing memory usage.
This Rust-based system now runs across Android, iOS, desktop, web and wearable platforms, making it one of the largest global deployments of Rust on consumer devices. The technology underpins WhatsApp’s internal “Kaleidoscope” checks, which scan for non-conforming or high-risk file structures, disguised file types, and known dangerous attachments such as executables.
Beyond encryption
Commenting on the announcement, Hendrik de Bruin, head of SADC security consulting at Check Point Software Technologies, says end-to-end encryption remains only part of the security picture.
“Messaging apps like WhatsApp, Signal and Telegram use end-to-end encryption, meaning messages are encrypted inbox to inbox and only the sender and receiver can read them. This addresses privacy of data, but not all security,” says De Bruin. “Malicious files, unwanted messages, spam and scam messages can still be sent as long as you know a user’s registered phone number.”
He adds that certain user data − such as profile photos, phone numbers and status information − can still be exposed by design.
“What Meta is addressing is protecting user information through stricter account settings. There have been claims that Meta rejects they have access to encrypted messages. These new settings are further protections from potential outside threats.”