WhatsApp Rolls Out ‘Strict Account Settings’ Option

WhatsApp has introduced a new optional security feature called Strict Account Settings, designed to provide high-risk users with stronger defenses against sophisticated cyber threats, including spyware and exploits that could bypass end-to-end encryption through shared files. Users can activate Strict Account Settings via Settings > Privacy > Advanced on their primary device (not companion apps like WhatsApp Web).

The setting, which began rolling out gradually worldwide in late January 2026, applies the platform’s most restrictive privacy configurations in a single toggle. When enabled, it automatically blocks media files, attachments, and documents from senders not in the user’s contacts, silences incoming calls from unknown numbers, disables link previews (thumbnails that appear for URLs), prevents unknown users from adding the account to groups, and locks other privacy elements like profile visibility and presence indicators.

“At WhatsApp, we think you should be able to have a private conversation online, just like you would in-person. We will always defend that right to privacy for everyone, starting with default end-to-end encryption. But we also know that a few of our users – like journalists or public-facing figures – may need extreme safeguards against rare and highly-sophisticated cyber attacks.

”The feature addresses persistent risks from maliciously crafted media that exploit operating system-level vulnerabilities or libraries during file processing—a vector reminiscent of the 2015 Stagefright Android flaw, though WhatsApp notes such attacks remain extremely rare today. It also complements backend improvements, including the adoption of the Rust programming language for handling photos, videos, and messages to better resist spyware intrusions.

“We’ve also rolled out a programming language called Rust behind the scenes to help keep your photos, videos, and messages safe from things like spyware, so you can share and chat with confidence.”