Yes you can disable it for specific sites and apps.
Regular Android has a similar feature called Advanced Protection (not to be confused with the Advanced Protection Program for your Google account) that does a lot of the same things. GrapheneOS already by default has stronger versions of all the protections so a different mode isn’t necessary.
On some iphones, lockdown mode causes voice call failures unless 2g/3g is kept on. What type of security issues occur in lockdown mode when keeping 2g/3g on.
Is there a fix?
What’s more secure :
lockdown mode with 2g/3g on
or
lockdown mode off
This is the more secure option because it reduces the attack surface in other areas as well. You should not be using 2g/3g at all though. It’s unencrypted. If something isn’t working because it’s disabled that’s a good thing.
Edit: figured I should specify that 2g/3g are technically encrypted but they use encryption that was broken years ago. More info here: Your Phone Is Vulnerable Because of 2G, But it Doesn't Have to Be | Electronic Frontier Foundation
How do I disable 2G/3G on iOS?
Enable lockdown mode. There’s no other way to do it.
Where do you live? In the USA those networks no longer exist.
That wasn’t specific to the US because I also travel, so 2G/3G may still be a problem.
But devices like Stingrays can still exploit them if they are enabled on the device.
That’s why I want to shut them down. I want to minimize my risk as much as possible.
An update if people are interested - They were able to unlock her macbook using her fingerprint
Natanson was reminded the FBI has authority to use her biometrics to unlock the laptop and Natanson repeated that she does not use biometrics on her devices. Natanson was told she must try, in accordance with the authorization in the warrant. The FBI assisted Natanson with applying her right index finger to the fingerprint reader which immediately unlocked the laptop.
Interesting. This means the Mac was already powered on and logged into when they seized it as, just like with iPhones, the first login after being powered on or restarted requires a password. If her fingerprint unlocked the Mac it means she had already logged into it before it was seized.
Also if they resorted to the fingerprint, does that mean they could not access it otherwise even though it was powered on? Or did they not even attempt exploitation until trying the fingerprint?
Edit Substantive update: Just finished reading the entire article, turns out there are two MacBook’s. One owned by the Washington Post and one personally owned by the reporter. The personal laptop was powered off and they have been unable to access it. The Post-owned MacBook was powered on when seized and that is what was unlocked with her finger print.
The problem is that voice calls fail in lockdown mode unless 2g/3g toggle is on. I think this started happening in iOS 26
Is there a way to turn 2g/3g off, use lockdown mode and still be able to make voice calls in 4g and use USB hotspot.
I have been able to make voice calls with WiFi Calling with lockdown mode on.
can you make regular voice calls over 4g?
I don’t understand what you mean by 4G and use USB hotspot. I have my iPhone on WiFi all the time and it’s connected to any WiFi network to make WiFi calls. Your carrier has to support it in order for it to work.
making calls over the cell network normally, with wifi off.
There may be a bug on some iphones. In LD, Voice calls fail and signal bars are off in lockdown mode.
Data and USB hotspot work.
This seems to be something odd specific to your phone or possibly your carrier.
I’ve been daily driving lockdown mode since it was released and have had no issues with voice calls either via 4g/LTE, 5G, or WiFi.
Yep, same here. No issue at all. It’s very seamless and almost like as if my phone wasn’t even hardened at all.
I still don’t get why 5G is less secure than 4G. Very surprised with that info!
If your macbook has an M1 or newer apple silicon processor, it can’t be forensically analyzed even if powered on - unless they have the password.
To recover a macbook typically you insert an external drive, and boot from that drive. However user credentials are required to make the change in the settings to allow for this.
I believe the ram is encrypted by the secure enclave on M1 or above macbooks as well, meaning a ram dump isn’t possible.
It doesn’t have the new MTE feature that the new A19 and I believe the M5 has. If you’re a journalist and travel a lot, I would probably ensure that my iPhone and MacBook have it.