Apple's Lockdown Mode is nothing special

I often see Apple’s Lockdown Mode being treated like some kind of security innovation or a security feature exclusive to iOS, etc. Even big privacy YouTubers such as Techlore treat Lockdown Mode as a “selling point for iOS”:

Lockdown mode, which has been demonstrated to be one of the most proven way to fight government spyware

So let’s examine what Lockdown Mode actually does.

1. It blocks most message attachment types and disables some features, such as links and link previews, in their proprietary messaging app, iMessage.

iMessage is very complex, has a massive attack surface, and is a security nightmare in general. Instead of doing something about it and improving security for everyone, they just block some attachment types and make some features unavailable for those who choose to enable Lockdown Mode.

You should actually use good messengers such as Signal, SimpleX, etc. instead of iMessage, but for those who use iMessage, this does in fact improve their security.

2. It disables JavaScript JIT, which should be disabled by default regardless of whether you have Lockdown Mode enabled or not, because Javascript JIT is a security hazard.

Browsers such as Mull, Cromite, Vanadium, Mulch, and Bromite have JavaScript JIT disabled. So this is nothing new, and it’s a worse implementation because you can’t just choose to disable Javascript JIT; you need to enable Lockdown Mode to disable Javascript JIT.

3. It disables 2G, which can be disabled on Android for quite some time, and you can even choose to enable LTE only, 5G only modes, etc.

It also does some other things that you can read about here:

The rest of the “protections” are either iOS-specific, available, or can be done on Android.

TLDR is that Lockdown Mode doesn’t offer any protections that Android doesn’t offer, and the only difference is that they just give you less freedom and choice over these protections, but they do this with almost everything on iOS, so that’s nothing new.

So basically it secures the native messenger, disables JIT in Safari, and disables 2G. All things you’re suggesting people do anyways.

Based on your points it sounds like your real TLDR is that Lockdown Mode is indeed effective on iOS, which I think is all people are saying anyways.

It reduces the attack surface of the native messenger, which improves its security.

It does more than just disabling JIT in Safari. I daily drive Vanadium, which has JIT disabled, and I have no issue, but Safari with Lockdown Mode is quite a bad user experience for me because some web fonts aren’t displayed and some images are replaced with missing image icons.

If you disable Lockdown Mode for a site because of these issues, you also enable JIT, which brings the issue of having less freedom and choice over these protections into place.

It is effective, and I don’t have any technical criticisms. The issue I have with Lockdown Mode is that people make it look like it does something that’s exclusive to iOS and that it’s a selling point of iOS. I also have an issue with Apple not giving them more freedom and control over these protections.

It is a selling point of iOS, because not every android device can run Graphene. On top of this, iPhones are sold in more places than Pixels are. I’m sure someone will “muh securityguides” me for this, but if the choice is between a non-Google flagship or an iPhone (barring importing a Pixel), I would contend that the iPhone is going to be better, partly because of lockdown mode and other security features, but also because Apple is slurping up less data than the average android OEM (even if the ceiling to privacy is lower than on a Pixel (or other device that runs Divest or Calyx)).

You don’t even need GrapheneOS to have all of those Lockdown Mode protections on Android, excluding the iOS-specific ones for iMessage, FaceTime, etc. For it to be a selling point, Lockdown Mode would have to offer protections that aren’t available on Android.

What about it on MacOS?

If we go back to your original points:

1. Reducing attack surface within iMessage when needed is not something that android needs and you suggest using specific messengers which themselves can have expanded attack surfaces (though I do agree iMessage is particularly comical in how many attacks use it as a vector)
2. You can still just turn off js entirely without lockdown mode, which is a bigger benefit than just turning off JIT for it. Additionally, on android, you can’t change your webview without a custom rom so the point is moot since you can’t disable js JIT everywhere anyway without Graphene or Divest and so on
3. Two major versions of android and only on devices that are modern enough to support a particular version of the radio hardware abstraction layer

Graphene/Divest/Calyx =/= Android as a whole, especially because of points 2 and 3. And having an easy toggle on a phone people might already have (or have easier access to compared to Pixels) is absolutely a selling point in some contexts, and also, again, Android as a whole is not as friendly and foss-y and good as the Graphenes and Divests of the world

Signal, WhatsApp, etc. do, in fact, have a lot of remote attack surface, and E2EE doesn’t do much if the app itself is exploited. One thing that significantly helps with this is MTE, which is only available on GrapheneOS and is coming to stock OS on Pixel 8 and later devices. I hope to see MTE on more devices because it’s a game changer when it comes to security.

How many people would actually disable Javascript entirely, and how realistic is that? Very few would, and that’s unrealistic.

Especially when the only way to disable and enable Javascript is in Safari settings, and I couldn’t even find a way to disable or enable Javascript per site!

Also, disabling JIT just in the browser itself already provides a lot of benefit, even though you can’t disable it everywhere on most operating systems.

I don’t see how having a toggle that only allows you to pick between all the protections or none of them is a selling point when you can achieve the same protections on most Android devices and have more control over all of them which results in better UX.

Not many people use Lockdown Mode and benefit from either of the protections because it’s either everything or nothing, and most people will choose nothing. People might want more security in Safari, they might want to disable 2G, but they might not want to lose any functionality in iMessage, which would lead to them not enabling Lockdown Mode and not benefiting from any of the protections.

Android is actually pretty “foss-y.” All of these operating systems, like OneUI, MIUI, etc., are basically AOSP with some changes and proprietary stuff on top of it that the OEM chose to put in. Meanwhile, iOS has to be the most proprietary and locked-down mobile OS in existence.

It appears that the implementation of Apple’s Lockdown Mode bothers you. It’s okay if you don’t like it. Depending on your threat model, using Lockdown Mode is optional. Some people have to use the feature due to theirs. It’s a good thing the feature exists. It has prevented some attacks in the past, such as this one Forbes reported on. It will probably prevent more attacks in the future. That’s great!

If you don’t like the current implementation of Lockdown Mode and your threat model allows it, don’t use it. And/Or, submit your feedback about Lockdown Mode to Apple.

The feature will continue to get praised due to the prevention of aforementioned and future attacks, and rightfully so. If that bothers you, I suggest directing your attention elsewhere.

Well I agree with the replies. I think the point @anon28734771 tries to make is that Apple’s lockdown mode is nothing special compared to what GrapheneOS or even stock android offers. And I agree with that. Lockdown mode is hyped as being something crazy advanced, while it really isn’t. This is what the default basically should look like and mostly does on other platforms. If you use an iphone surely you should use lockdown mode, but when you decide to purchase a secure device it’s not like you should buy an iphone because it has lockdown mode.

Please correct me if I am misunderstanding @anon28734771. I do agree if this is the message.

Not everyone is able to use other platforms such as GrapeheneOS. Apple’s Lockdown Mode expands the availability of additional security measures to people who already own (supported) Apple devices. That means even more people have access to the option of more secure devices - a good thing.

Why it has to be GrapeheneOS? Every feature in Lockdown mode is already available on stock Android devices, and also not limited to Pixels.

Yes, this is the message that I was trying to send to people who think that Lockdown Mode is something that would make iOS a better choice than Android, etc., even though it’s nothing special. That’s why the title is “Apple’s Lockdown Mode is Nothing Special.”

It doesn’t have to be GrapheneOS. I used the example ph00lt0 mentioned in their reply.

@Paced0594

Even if that’s the case, Lockdown mode is not turned on by default on iOS either. As I can see, Lockdown mode features have nothing to do with GrapheneOS, as the features are available on stock Android as well.

Are the Android-equivalent features you mentioned disabled by default on Android phones? (For instance: not automatically connectiong to unsecure networks, 2G support not available, blocked complex web technologies, etc.) I’m not sure - genuinely curious.

It depends on which AOSP derivitive you’re using.

I don’t think the default behavior on stock Android phones is relevant here, since iOS, which you referred to GrapheneOS, doesn’t have this on by default either.

As far as Lockdown mode goes, it doesn’t matter if you use an Android or iOS. You can choose to turn this on regardless. But you would have more granular control over this feature on Android.

They literally aren’t though? Not across all phones from all OEMs.

The various OEM skins on Android are… proprietary and locked down too (shoutout to the various things that get disabled/broken with custom ROMs on Samsung phones). It comes off as just hating on Apple rather than have a reasonable criticism that often equally applies to Android OEMs.