Do you guys use Lockdown Mode on your Apple devices?
If so, does it bother you that some features are missing?
Do you think an average person should use it?
An average person shouldn’t use it and this is why I don’t like Lockdown Mode. You either get nothing by not enabling it or everything, including a kitchen sink, when enabling it.
Basically, you have no choice and control over what you want and what you don’t, but this is Apple, I didn’t expect anything else from them, they’re known for limiting user control and freedom.
But you should try it and see if it works for you.
I personally use it on my iPhone and MacBook. None of the restrictions have annoyed me other than some fonts on websites being blocked, but you can easily disable Lockdown Mode per website. There is a fingerprinting concern as websites can identify whether an Apple device is in Lockdown Mode because of the font blocking and probably other stuff. Cryptee did publish a proof of concept for iOS. Whether or not websites actually do is uncertain, so to (possibly) help people who truly need it I also use it (though if they depend on anonymity they should use Tor and a live OS). And I do just like the extra security. It does not come anywhere near GrapheneOS though. But does Lockdown Mode actually work? Yes, it has blocked an attack at least once and other times it would have had the user enabled it. It also would have blocked the Operation Triangulation attack against Kaspersky as it would have blocked the malicious PDF file. Alternatively, disabling iMessage (which has a large attack surface) would have worked as well.
The fact that websites can detect whether an Apple device is in Lockdown Mode due to font blocking essentially fingerprints your device, what’s the use of a security feature if it screams “Hey look at me, I’m hiding something!”?
And let’s not even start on iMessage’s vulnerabilities which, by the way, disabling should not be considered an “alternative” but rather a necessity
Well, that can be said for a lot of stuff. E2EE is a security feature, but lots of governments look at that and go, “Hey, they must be doing something illegal!” And Apple did actually say that it is working as intended. Yes, it makes your device more unique, but it does increase its security.
I agree, but a lot of people buy an iPhone to use iMessage so a lot won’t disable it. Apple really should try to reduce its attack surface. A lot of the zero-click exploits attacked iMessage first. I would disable it because I rarely use it, but I don’t because I want the messages with the few people that use it to be E2EE. Oh, and let’s mention that Apple doesn’t force HTTPS on Safari yet. Yes, they do automatically upgrade to HTTPS for some websites, but not all and it is possible to visit an HTTP website. That’s how Ahmed Eltantawy’s iPhone was compromised by Predator spyware. But it was another attack Lockdown Mode would have blocked had he enabled it.
As with the BLASTPASS zero-click exploit we recently disclosed, we believe, and Apple’s Security Engineering and Architecture team has confirmed to us, that Lockdown Mode blocks this particular attack.
These two recent high profile cases underline the serious value that this security mode provides.
Therefore, we encourage all Mac, iPhone, and iPad users who may face increased risk because of who they are or what they do to enable Lockdown Mode.
Source?
I’m really surprised by the responses here. Lockdown Mode significantly improves security, and I see no reason not to turn it on if it doesn’t cause any issues for you. Like @anon59474973 pointed out, it has been proven to prevent attacks and actually work, so I don’t see how it’s a “security placebo”.
I do wish it was a bit more configurable and less of an all-or-nothing buy-in with some things, but still, I think it’s a great feature that the vast majority of other mobile phones don’t have anything remotely close to.
Especially since it is available on consumer devices that you can just walk into a store and buy. Unlike GrapheneOS (GOS) which, while providing superior security, isn’t something everyone would use and tbh probably shouldn’t buy online or in-store but rather flash yourself. There are around 250 thousand GOS users compared to Apple’s 1 billion+. Android doesn’t have a similar feature and it’s not like all Android devices probably could either. Google could with their Pixel but that would be it. And let’s not forget that most people who would be targeted still use Android and iOS devices like everyone else. GOS is still pretty niche even for people who could really benefit from its enhanced security.
You can just go in and buy a Google Pixel or buy it online, and if you’re capable of using a phone, then you’re more than capable of flashing GrapheneOS. It’s as easy as connecting your phone to a PC or another Android phone with a cable, visiting grapheneos.org, and pressing the buttons on the screen, it’s extremely simple.
Apple’s Lockdown Mode is nothing special compared to what GrapheneOS or even stock Android offer.
Lockdown mode is hyped as being something crazy advanced, while it really isn’t. This is basically what the default should look like and mostly does on other platforms.
I don’t see why this matters. Most services and software recommended by Privacy Guides could be considered niche if we look at the user count compared to the big tech alternatives. It’s irrelevant if it’s niche or not if it improves users’ privacy, security, freedom, etc., which GrapheneOS does.
You can just go in and buy a Google Pixel or buy it online, and if you’re capable of using a phone, then you’re more than capable of flashing GrapheneOS. It’s as easy as connecting your phone to a PC or another Android phone with a cable, visiting grapheneos.org, and pressing the buttons on the screen, it’s extremely simple.
I agree that it’s very simple, but I feel like you overestimate the tech-savviness of a lot of average people. I doubt most people nowadays have ever connected their phone to their computer or directly to another phone, period. But it’s irrelevant, as in general, GrapheneOS is still very obscure and unknown outside of privacy and security circles. Most people don’t know it exists. Hell, I would say the vast majority of people don’t even know LineageOS, or that they’re even able to unlock the bootloader on certain phones and install a different OS, period. That’s where Lockdown Mode is great, it’s a built-in feature which is easy for anyone to enable on an extremely widely adopted OS.
Apple’s Lockdown Mode is nothing special compared to what GrapheneOS or even stock Android offer.
It’s nothing special compared to GrapheneOS, yeah, I agree, but compared to stock Android, really? I guess the problem is “stock” Android is too vague of a term and can heavily vary depending on OEM and various other factors, but still, I can’t think of a stock Android OS that has all of the security features of Lockdown Mode even available at all.
Lockdown mode is hyped as being something crazy advanced, while it really isn’t. This is basically what the default should look like and mostly does on other platforms.
I agree that some of Lockdown Mode’s features should be the default, but a lot of what Lockdown Mode does is certainly not the default on most other platforms that I’m aware of. I think the problem here is that you’re too focused on the online privacy and security bubble specifically vs. the general public.
I don’t see why this matters. Most services and software recommended by Privacy Guides could be considered niche if we look at the user count compared to the big tech alternatives. It’s irrelevant if it’s niche or not if it improves users’ privacy, security, freedom, etc., which GrapheneOS does.
I think you misunderstood @anon59474973’s point. I don’t think that he meant that GrapheneOS was worse because it wasn’t as well known, rather that simply most people don’t know it exists, and as such, can’t take advantage of or use it. There are also cases where people just can’t get a Pixel, etc.
I feel like this has derailed pretty heavily, it went from someone asking if they should enable Lockdown Mode on their Apple devices, to just shitting on Apple and recommending GrapheneOS.
I just don’t get this hate for Lockdown Mode. Bringing more security to the general public is a good thing. Sure, GrapheneOS is excellent, but it’s not the answer for everything, and it’s also just irrelevant to this discussion, since it has nothing to do with how good Lockdown Mode specifically is or whether it should be used or not.
Could you give some examples? Which Lockdown Mode features aren’t available, or can’t be made available with ease, on stock OSes such as those on Google Pixel and Samsung phones?
I’d say the biggest example is the browser hardening. It not only applies to Safari itself, but also to the system’s WebKit as a whole. It’s similar to a hardened WebView like Vanadium or Mulch, and improves the security of every app that uses it. Also being able to disable the hardening for certain apps is nice for usability. Nothing really like that on stock OSes.
Being able to turn off 2G is another example. While it is in AOSP and present on some stock Android variants like the Pixel’s, a lot of devices still don’t have this feature as far as I’m aware, like Samsung’s. This is a pretty important security feature.
Lockdown Mode also blocks auto-connecting to insecure guest networks (you could still prevent auto-connecting manually for each network, but that’s annoying and tedious), and blocks installing configuration profiles, which I’m also not sure is an option on most stock OSes.
I’m also not sure how the hardening in iMessage with Lockdown Mode compares to Google Messages (as I don’t use either), but that could also be a point.
Also unclear how carrier-locked Android devices can impact some of these settings, such as disabling 2G, whereas this isn’t really an issue on iOS afaik.
Is Lockdown Mode game-changing and super advanced? No, I’d say not. But I do think it’s a great feature that should be used if it doesn’t cause issues for you, and I believe that it provides better security than most operating systems and devices that average consumers have available. I don’t think it’s perfect, but I think it’s a great addition, and I’d like to see more OEMs add features similar to Lockdown Mode.
I think @Sharply answered everything pretty well. But maybe I can add some more info.
Yeah, this is what I meant. Especially the fact that the Pixel isn’t available in as many countries as the iPhone. Currently the Pixel 8 is only available in 21 countries. It was fewer for the previous ones. The iPhone 13 was released in 31 countries in September and then another 15 in October. The iPhone 15 and 15 Pro were available in 40 countries on September 22 and were available in another 20 countries on September 29.
It’s also generally recommended not to connect your phone to your computer as computers are nowhere near as secure as phones. I think back to one scambaiting video where this scammer stupidly backed up his phone to his computer without encrypting it, giving the scambaiter access to everything that’s on his phone. Messages, contacts, photos, videos, etc.
I doubt Google Messages blocks attachments, which is what Lockdown Mode does in iMessage. I know the zero-click exploits against iMessage used PDF files and I think a GIF.
And as mentioned before, the people who would truly need to depend on GrapheneOS’s security either don’t know about it or wouldn’t use it anyway. Oftentimes in their forum you see people switching to it because of its privacy enhancements (like being de-Googled) rather than its security. Security is a big selling point compared to other custom Android operating systems, but not many actually depend on its enhanced security. They aren’t likely to be targeted by spyware, and while disabling parts of the USB-C port is really cool and all phones should have an auto-reboot feature, if you are likely to have your phone seized you should be aware of turning it off in situations where it’s more likely to happen, whether you have an iPhone, a stock Pixel or a phone that isn’t recommended. I also don’t see many organizations mention it. The Markup updated their “How Do I Prepare My Phone for a Protest?” but never mentioned GOS. I don’t think Freedom of the Press Foundation or Electronic Frontier Foundation have mentioned it much either, or at all. And I bet those people who work there should probably use GOS.
Anyway, this has derailed quite a bit as Sharply said. @MojoBojo the general recommendation is to enable it if it doesn’t cause much issue for you. You can easily disable Lockdown Mode on a per-site basis in Safari if some websites that have their fonts blocked are too annoying. It does increase the security of an Apple device significantly by disabling certain features that are common attack vectors (AKA reducing the attack surface of the device), like blocking attachments in iMessage and disabling Just-in-Time JavaScript compilation in Safari. And Apple has improved it in iOS 17 and most likely will this year in iOS 18. And as I showed in my first and second post here, it has proven to protect an iPhone from spyware.
Edit: Lockdown Mode also protects against iLeakage.
Lockdown Mode does mitigate our work by disabling just-in-time (JIT) compilation in Safari, which is a performance feature used by iLeakage to build its attack primitives. However, Lockdown Mode changes device behavior in other aspects. For example, some message attachments and unknown FaceTime calls may be blocked. See Apple’s documentation for a complete list.
Furthermore, since iLeakage is written in JavaScript, disabling it also mitigates our work. However, disabling JavaScript may cause Safari to render some websites incorrectly or incompletely, and some advanced web features such as online payments may not work.
The evidence is in the very design of Lockdown Mode, it’s a minimal implementation that locks down a few features while ignoring broader system vulnerabilities that are still being exploited
If you need a “source” to see the effectiveness of a security feature you’re already missing the point, the real test is practical application, how it stands up against real-world threats, and not just theoretical ones
Apple’s ecosystem is so tightly controlled that they can spin any feature as a security win, it’s a minimal step forward that does more for Apple’s PR than it does for your actual security
True, there are things Apple should address as a whole. This is what GOS does. However, sometimes outright disabling a feature is a more certain way for it to never be used against you. That’s why it’s recommended to either not use or disable biometrics in certain cases.
I have given examples of where it has protected against real-world threats that are not theoretical. Pegasus has been around for over a decade yet it only just got a lot of attention a few years ago because it was used against journalists and human rights defenders. Apple made Lockdown Mode for their devices and it has blocked one and would have blocked others had it been enabled (or existed at the time, as was the case with Kaspersky and Operation Triangulation). And Apple is putting their money on it. It’s a $2 million bounty for any researchers who successfully compromise an iPhone in Lockdown Mode. That’s the highest bounty ever offered.
Does it help Apple’s PR? Yes, most definitely. I mean, iOS has always been recommended over Android for journalists, this just makes it even more so. iOS has always been more strict and always had the best update support compared to Android. That is now changing with Google and Samsung promising 7 years of updates for their latest phones. I do wish Apple would state how long each of their devices will get updates for. And it actually does help your security. Again, sources have been provided.
Your analogy with E2EE and governments is a false equivalence, E2EE is a proven and necessary feature for secure communication despite what governments think
Lockdown Mode on the other hand is a clunky and half-baked attempt at security that makes you stand out like a sore thumb, if a security feature makes you stand out then it’s fundamentally flawed
Apple saying it “works as intended” is just a cop-out, it might make your device more secure in some ways but it also makes you more identifiable which defeats the purpose of blending in and staying under the radar, people forget that security isn’t just about blocking attacks, it’s also about not drawing unnecessary attention to yourself in the first place
I agree, disabling iMessage should be a given if you care about security because it’s one of the biggest attack vectors out there and Apple’s done a piss-poor job of locking it down, the fact that people won’t disable it because they “want the messages to be E2EE” is laughable when those very messages are a security risk
It’s 2024 and they still haven’t mandated HTTPS, that’s negligence, plain and simple, Lockdown Mode might have blocked it but it’s still a band-aid on a fundamentally flawed system
You’re clutching at straws to defend Lockdown Mode and it’s honestly painful to watch
Disabling features can enhance security, no argument there, but Apple’s Lockdown Mode is a half-baked attempt at best, disabling biometrics makes sense in certain scenarios but let’s not pretend that Lockdown Mode’s feature restrictions are some grand security masterstroke, it’s still a minimal effort that ignores broader system vulnerabilities that remain wide open for exploitation
Pegasus and other sophisticated threats have been around for ages, Apple’s $2 million bounty is impressive, but it’s also a PR stunt, it’s designed to make you think they’re on top of security when in reality their ecosystem remains vulnerable, they can afford to throw money at bounties because it’s a fraction of what they make from convincing you their devices are secure
That’s just playing to their strengths in controlled environments, Android, especially with GrapheneOS, offers far more flexibility and can be just as secure, if not more so, when configured properly, and Apple’s update support is commendable but they need to be more transparent about their long-term update plans
Okay so no, no source. Thanks for playing
I do agree that staying under the radar is often the best approach. The last thing you want to do is draw attention to yourself, especially at an airport, border or protest.
Yeah, not mandating HTTPS is terrible. The only way I’ve seen to force it on iOS is by using the iVerify app by Trail of Bits (though it is now independent). “Secured Browsing” allows you to force HTTPS and block HTTP. I did provide feedback to Apple for Safari about that, so maybe they’ll do it soon. I’m not too surprised that they haven’t yet considering it was only last year when they added the option to secure your Apple Account with security keys.
No argument there. I wasn’t saying it was some security masterstroke, but it does make it harder to exploit an iPhone, so it does have a benefit. Should Apple just design things differently by designing them with the smallest attack surface possible? Yes, but I do believe that having the option to disable features is good. Even Google Chrome on desktop now allows you to disable the V8 engine.
I have no doubt that their ecosystem remains vulnerable. Apple does give some cyber security researchers access to specific iPhones that don’t have their security features enabled, but it is only to select researchers and they have to apply for the specific iPhone device.
Yes, it is their strength as they control everything. Android does offer more flexibility in terms of sideloading and with some Android devices allowing the user to unlock the bootloader and flash a custom operating system (best being the Pixel). I’m pretty sure I mentioned at some point that GrapheneOS is more secure than an iPhone in Lockdown Mode. I even have GrapheneOS on my Pixel 6, and I love it.
I was defending Lockdown Mode in that it has proven to block spyware attacks. I’m not saying that it’s better than actually developing or improving existing features to be more secure. But I do think it’s good that Apple offers it. Both Apple and Google have room to improve their respective smartphone operating systems. I do sometimes feel that Google takes security more seriously; Google will warn you if an app you have installed is malicious through Google Play Protect, but Apple doesn’t even though they would know that you have that app installed. I do believe that Apple has some hubris when it comes to the security of their devices, especially in regard to the iPhone. They don’t like to admit if an app on the App Store is malicious or that the iPhone being exploited through iMessage shows that the iPhone isn’t as secure as they like to claim.
Use it? Yes, you won’t feel any problems with apps, it might break some websites but you simply exclude them in settings.
Is it a joke or more of a promotional trick? Yes, it can mitigate some attacks but calling it “Lockdown” mode while Bluetooth and JavaScript are still enabled is just for laughs.
At the end of the day it’s about how the user operates the device, don’t even think of going wild just because you have this mode enabled. Kinda creates a false sense of security.