That’s a headline I never thought I would write, but one has to give kudos when kudos are due. And also, in a time of people’s rights being continually eroded, we all deserve a bit of good news.

So, wait, what happened? On July 6, Apple launched a new feature to help people who have been targeted by mercenary spyware. This feature is called ‘lockdown mode’ which can be turned on optionally by the user. As Apple wrote in their blog post, this mode offers specific kinds of protections

• Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
• Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
• Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
• Wired connections with a computer or accessory are blocked when iPhone is locked.
• Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

If I’ve lost you, let me backup, because this may not be something you encounter but it’s still a big deal. Mercenary spyware refers to particularly companies, one of the worst being the Israeli spyware company, theNSO Group, that will partner with or be hired by governments or bad actors to gain access to someone’s phone or device (usually a journalist or activist) via spyware that is sometimes sent to victims via a link that can infect the phone or can happen through a ‘zero click exploit.’ Both of these take advantage of vulnerabilities in the phone’s software.

Great, but what is a zero click exploit? It’s exactly what it sounds like. It’s an attack that can compromise a device without any action from its owner; meaning you don’t have to click on a link. Other attacks, like phishing, trick people into clicking links or get people to download a file- that’s where the attack is. Zero-click attacks instead use existing vulnerabilities in operating systems of devices to render an attack.

As security expert and senior researcher with Citizen Lab John Scott- Railton tweeted, this is a big change for Apple but an incredibly important update, especially for people who have a higher digital risk of being targeted by incredibly sophisticated spyware.

While this isn’t something an everyday user would need to contend with (such as you reading this), this is still a very big and important issue. So why did Apple focus on this? Their blog says it best. “Apple makes the most secure mobile devices on the market. Lockdown Mode is a groundbreaking capability that reflects our unwavering commitment to protecting users from even the rarest, most sophisticated attacks,” said Ivan Krstić, Apple’s head of Security Engineering and Architecture. “While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are…Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware. Turning on Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted individuals.”

Is this a specific subset (and potentially small) of users? Yes. It’s important to really contextualize this harm more specifically because this is a kind of threat that could manifest into actual physical harm, harm to others, or even death. For example, the NSO Groups’ Pegasus software was placed onto the phone of the wife of murdered journalist, Jamal Khashoggi, months before his death. Additionally, Amnesty International has found the NSO Group’s Pegasus software on 37 devices belonging to 35 El Salvadoran journalists.

Apple’s new lockdown mode is an example of privacy by design, and privacy protection, which more and more companies should be doing. Scott-Railton tweeted that there’s still more to do in terms of helping protect users, and a lot to learn in how much this new feature will help users whose physical device has been compromised, but even still, it’s a step in the right direction that does offer more protections. We just need to see how much more help it offers.

What I personally hope is that this is a changing of the tide with big tech companies in terms of making software to protect all users, and a way to do that (one of the best ways) is to center users’ privacy. For example, companies should stop tracking people’s locations, delete their data history, and never ever turn over their data to law enforcement. Apple, do that next please.

Want to learn more about Apple’s Lockdown mode? Amnesty International’s Claudio Guarnieri has a great newsletter post that breaks this down more.