
Apple Lockdown Mode: What It Actually Does (and What It Doesn't)

May 23, 2026 · 9 min read · Haven Team

Lockdown Mode is Apple's answer to mercenary spyware: a single toggle that strips away convenience features known to be common entry points for zero-click exploits. It is not "extra antivirus" — it is the deliberate removal of attack surface. Here is what it removes, who should care, and what it still can't protect you from.


Apple introduced Lockdown Mode in iOS 16 in 2022, after years of reporting from Citizen Lab and Amnesty International on NSO Group's Pegasus spyware infecting iPhones belonging to journalists, activists, and dissidents. The exploits that Pegasus and its peers relied on were almost always zero-click: a malicious iMessage attachment, a booby-trapped WebKit render, an exotic font parser bug. The victim did nothing wrong. They simply received a message.

Lockdown Mode is Apple's structural answer to that class of threat. Rather than try to patch every parser bug as it appears, it disables the parsers themselves.

The Mental Model: Attack Surface Reduction

The phrase "attack surface" is jargon, but the concept is simple: the more features software has, the more code it runs to handle inputs from the outside world, and the more places a bug can hide. A feature you don't use is still parsing data and still capable of being exploited.

Most security advice is additive: install this app, enable this setting, run this scan. Lockdown Mode is subtractive. It asks a different question: what features can you live without, in exchange for closing off entire categories of attack?

Threat model

Lockdown Mode is explicitly designed for people targeted by state-level actors and mercenary spyware vendors. Apple has been blunt that the vast majority of users do not need it. But the architecture is interesting even if you'll never use it.

What Lockdown Mode Actually Disables

The exact behaviors evolve with each iOS release — Apple has expanded the protections incrementally since launch — but the major categories are stable:

Messages. Most attachment types are blocked, including link previews. Only basic images, video, and audio render. The MIME-parsing code paths that have historically been a rich vein of exploits are simply not invoked.

Web browsing. Just-in-time JavaScript compilation is disabled across the system. JIT is necessary for fast modern web apps, but it also requires memory that is both writable and executable, which is a long-standing source of browser exploits. Individual sites can be opted back in to JIT if you trust them. Other "complex" web technologies — including some font features and color management paths — are also turned off.

FaceTime. Incoming FaceTime calls from people who haven't called you before are blocked. SharePlay and Live Photos over FaceTime are disabled. The 2019 Group FaceTime bug, where attackers could listen to a target's microphone before the call was answered, is the kind of vulnerability this category exists to neutralize structurally.

Apple services. Incoming invitations to services like Game Center from non-contacts are blocked.

Wired connections. When the phone is locked, wired accessory connections are blocked. This closes off the class of "rubber-ducky" USB attacks that depend on plugging into a screen-locked device.

Configuration profiles. Installing new MDM profiles is blocked. This is the mechanism most commonly abused to enroll a phone into an attacker-controlled management framework.

Wireless connections. The phone will not auto-join non-secure Wi-Fi networks. 2G cellular fallback is disabled, which closes off downgrade-to-2G attacks used by IMSI catchers.

Who Should Turn It On

Apple's own framing is the right starting point: this is for people who have reason to believe they are individually targeted by sophisticated, well-funded attackers. That includes:

It is overkill for the median user — and Apple says so directly. The friction is real. Some websites will look broken. Some message types simply won't open. Group FaceTime invitations from new contacts will not arrive. That cost is acceptable if your threat model is "a state-affiliated vendor is paying seven figures for a zero-click on my device." It is not acceptable for most people, most of the time.

What Lockdown Mode Cannot Do

| Threat | Mitigated? |
| --- | --- |
| Zero-click iMessage exploits | Strongly mitigated — attachment parsers disabled |
| JIT-based browser exploits | Strongly mitigated |
| Targeted phishing of your iCloud password | Not mitigated — Lockdown Mode does not stop you from typing a password into a fake site |
| SIM swapping against your carrier | Not mitigated — this is a carrier-side attack |
| Legal compulsion of iCloud data | Not mitigated — separate from device hardening; see iCloud backup privacy |
| Physical seizure with a cooperative passcode | Not mitigated — different threat model entirely |
| Compromise of your contacts' devices | Not mitigated — what your contacts send and store is outside Lockdown Mode's scope |

Lockdown Mode is targeted at one thing: remote, unauthenticated, often zero-click compromise of your device by sophisticated attackers. It does that well. Everything else still requires the rest of your security hygiene — strong unique passwords, hardware-backed 2FA, careful inspection of what you install, and an honest assessment of what your iCloud backups contain.

The Forensic Trace

A worthwhile detail: when Lockdown Mode blocks something — a website asking for a non-allowed feature, an inbound FaceTime invitation from an unknown number, a configuration profile install attempt — the user sees the block. That visibility is a feature. It tells you when something is probing you, which gives you the chance to investigate and report.

Citizen Lab and other research organizations now ask targeted individuals to share what Lockdown Mode is blocking, because the pattern of blocks can be diagnostic of a campaign.

The Bigger Pattern

What Lockdown Mode demonstrates, beyond its specific protections, is that the most reliable security improvements often come from removing code paths, not adding more. This is the same logic that produces GrapheneOS on the Android side: fewer features, more verification, less attack surface.

The trade-off — feature loss for safety — is real. It is a trade-off most users will not make, and that is fine. But for the people who genuinely need it, the existence of a single Settings toggle that disables a dozen of the historical zero-click vectors at once is a meaningful improvement on the status quo.

How to Turn It On

Settings → Privacy & Security → Lockdown Mode → Turn On Lockdown Mode. The device reboots. You can turn it off the same way. The setting can also be applied per-app on iOS 17 and later, in case you only want to harden Safari and Messages while leaving the rest of the system alone.

If you turn it on, expect to spend a week noticing which sites and apps degrade — and decide which ones, if any, are worth re-enabling. The list is usually shorter than people expect.
