Apple says its Lockdown Mode, a security feature introduced in 2022, has not been successfully breached by spyware attacks since its release. The company describes it as an optional, high-security setting designed for users who may be targeted by sophisticated surveillance tools.
According to Apple, there have been no confirmed cases of mercenary spyware compromising a device while Lockdown Mode was enabled. Independent researchers appear to support that claim. Security teams at Amnesty International report no evidence of successful attacks against devices using the feature, despite ongoing incidents involving spyware targeting iPhone users more broadly.
Lockdown Mode is available across Apple’s ecosystem, including iPhone, iPad, Mac, and Apple Watch, provided they are running relatively recent operating system versions. It is not enabled by default and is intended for a narrow group of users, such as journalists, activists, and public figures who may face targeted digital threats from state-linked or commercial surveillance vendors.
The feature works by significantly limiting device functionality to reduce potential entry points for attackers. When activated, it blocks or restricts several commonly used features. Messages are stripped of most attachments beyond basic media, link previews are disabled, and certain web technologies are blocked, which can affect how websites load. Incoming FaceTime calls are restricted unless there has been prior contact, and some Apple services, including shared invitations, are limited.
Additional safeguards include disabling automatic connections to unsecured Wi-Fi networks, restricting wired connections unless the device is unlocked, and preventing installation of configuration profiles or enrollment in device management systems. Even cellular connectivity is adjusted, with older network standards like 2G and 3G disabled to reduce exposure to known vulnerabilities.
These protections come with clear trade-offs. The device experience becomes more constrained, and some everyday features either function differently or stop working altogether. Apple positions this as a deliberate compromise, prioritizing security over convenience for users at higher risk.
Security researchers have described Lockdown Mode as one of the more aggressive consumer-facing protections currently available. That said, its effectiveness is tied to its restrictive design. By reducing the number of ways software can interact with the device, it limits the opportunities for exploitation—but also reduces flexibility for the user.
The broader context is a continued escalation between device makers and surveillance technology providers. While Lockdown Mode appears to be holding up so far, it exists within an environment where attack methods continue to evolve. Its current track record may reflect both strong design and the relatively small number of users who have enabled it.
