Apple has made a striking claim: its Lockdown Mode, the extreme security feature baked into iPhones, iPads, and Macs since 2022, has never been successfully penetrated by commercial spyware. Not once. In a world where billion-dollar surveillance firms like NSO Group have built entire business models around cracking Apple devices, that’s a remarkable track record — and one that carries significant implications for journalists, dissidents, government officials, and the broader cybersecurity industry.
The claim surfaced in Apple’s latest transparency report and was highlighted by TechRadar, which noted that Apple has positioned Lockdown Mode as its most aggressive defensive tool against what the company calls “mercenary spyware.” The feature doesn’t just add another layer of encryption or tighten permissions at the margins. It fundamentally strips down what an iPhone can do — disabling entire categories of functionality that attackers have historically exploited to gain footholds on devices.
That trade-off is the point. And it appears to be working.
How Lockdown Mode Actually Works — and What It Sacrifices
When a user activates Lockdown Mode, the device enters a radically restricted state. Message attachments beyond basic images are blocked. Link previews in Messages disappear. Incoming FaceTime calls from unknown contacts are rejected outright. Web browsing gets hobbled — JavaScript just-in-time compilation, a common attack vector, is disabled unless the user manually whitelists a site. Wired connections to computers or accessories are blocked when the device is locked. Shared albums vanish from Photos. Configuration profiles, the kind IT departments use to manage corporate fleets, can’t be installed.
It’s not subtle. Apple designed Lockdown Mode to be conspicuously inconvenient, a deliberate friction that most consumers would find intolerable for daily use. The company has always been clear about the intended audience: people who face “grave, targeted threats to their digital security.” Think investigative reporters working on stories about authoritarian regimes. Think human rights lawyers representing political prisoners. Think senior government officials with access to classified information.
But here’s what makes Apple’s unblemished record noteworthy. The commercial spyware industry hasn’t exactly been idle since Lockdown Mode launched with iOS 16 in September 2022. NSO Group’s Pegasus spyware continues to evolve. Competitors like Intellexa’s Predator, QuaDream’s Reign, and Paragon Solutions’ Graphite have all been documented targeting Apple devices in the intervening years. Citizen Lab at the University of Toronto has catalogued dozens of zero-click exploits — attacks that require no user interaction whatsoever — deployed against iPhones during this period.
Yet none of them, according to Apple, have cracked Lockdown Mode.
The reason likely comes down to attack surface reduction, a concept that security researchers have long advocated but that platform vendors have been reluctant to implement aggressively. Every feature on a phone is a potential entry point. JIT compilation in WebKit, the rendering engine behind Safari, has been a particularly fertile hunting ground for exploit developers. By disabling it, Lockdown Mode eliminates an entire class of vulnerabilities — not by patching individual bugs, but by removing the code paths that make those bugs exploitable in the first place.
As TechRadar reported, Apple has continued to expand Lockdown Mode’s protections with each iOS release. iOS 17 added wireless connectivity restrictions, and iOS 18 further tightened the screws on what data can flow in and out of a locked-down device. Each iteration has closed additional avenues that spyware vendors might attempt to exploit.
The feature is free. It ships on every iPhone running iOS 16 or later, every iPad on iPadOS 16 or later, every Mac on macOS Ventura or later, and every Apple Watch on watchOS 10 or later. Turning it on requires navigating to Settings, then Privacy & Security, then Lockdown Mode — a few taps followed by a device restart. Turning it off is equally straightforward.
The Spyware Industry’s Response — and the Broader Security Implications
Apple’s claim, if it holds up to independent scrutiny, represents a genuine inflection point in the cat-and-mouse dynamic between platform vendors and surveillance firms. For years, the prevailing assumption in the cybersecurity community has been that sufficiently motivated and well-funded attackers will always find a way in. NSO Group charged governments roughly $500,000 per target for Pegasus deployments, according to court documents unsealed during its ongoing litigation with WhatsApp. At those price points, the economic incentive to defeat any defensive measure is enormous.
And yet Lockdown Mode appears to have held. That suggests the economics of exploit development may be shifting. If breaking into a locked-down iPhone requires discovering and chaining together vulnerabilities in a dramatically reduced code base — one that lacks many of the complex, feature-rich components that typically harbor bugs — the cost per exploit goes up significantly. Possibly prohibitively.
This doesn’t mean locked-down iPhones are invincible. Security researchers are careful to distinguish between “hasn’t been hacked” and “can’t be hacked.” Apple’s own language is precise: the company says no known successful attack has been documented. That leaves open the possibility that a breach occurred and simply hasn’t been detected or disclosed. State-level intelligence agencies, as opposed to commercial spyware vendors, operate under different constraints and capabilities. The NSA, GCHQ, and their counterparts in Russia and China don’t sell exploits on the open market and don’t typically appear in Citizen Lab reports.
Still, the practical effect is significant. For the population Lockdown Mode is designed to protect, the feature appears to deliver on its promise. That’s not nothing. It’s potentially lifesaving.
The timing of Apple’s claim also matters. The commercial spyware industry is under increasing legal and regulatory pressure globally. The Biden administration issued an executive order in March 2023 restricting U.S. government use of commercial spyware. The European Parliament launched an investigation into member states’ use of Pegasus. NSO Group has been mired in litigation, including a landmark case brought by WhatsApp that resulted in a jury finding the company liable for hacking 1,400 users’ devices. Apple itself sued NSO Group in November 2021, seeking a permanent injunction barring the company from using Apple products and services.
Against this backdrop, Apple’s ability to point to an undefeated security feature strengthens its legal and public relations position considerably. It’s a tangible demonstration that the company takes user protection seriously — not just through after-the-fact patches, but through proactive architectural decisions that make exploitation harder at a fundamental level.
For enterprise security teams, the existence of Lockdown Mode raises interesting questions. Should organizations with high-risk employees — executives traveling to adversarial countries, for example — mandate its use on corporate devices? The functionality trade-offs are real: some business applications may not work correctly with JIT compilation disabled, and the restrictions on accessories and configuration profiles could complicate device management. But for individuals who represent high-value targets, the security benefits may outweigh the operational inconvenience.
Some security professionals have begun advocating for exactly this approach. The logic is straightforward: if a feature demonstrably stops the most sophisticated commercial spyware on the planet, the question isn’t whether to use it, but whether you can afford not to.
Google has taken a parallel, if less dramatic, approach with its Advanced Protection Program for Android, which similarly restricts device functionality in exchange for hardened security. But Apple’s Lockdown Mode is more aggressive in its restrictions and, based on available evidence, more effective in its results. The comparison isn’t entirely apples-to-apples — Android’s fragmented update distribution means many devices never receive the latest security patches — but it underscores a broader industry trend toward offering opt-in extreme security modes for at-risk users.
The question going forward is whether Apple will expand Lockdown Mode’s protections further, or whether it will begin relaxing some restrictions as it identifies ways to maintain security without sacrificing as much functionality. The company hasn’t signaled its intentions. But given the feature’s unblemished record, there’s little incentive to change course.
For the spyware industry, the message is blunt. Apple has built a wall that, so far, no commercial attacker has managed to scale. And with each iOS update, that wall gets higher.
Apple’s Lockdown Mode Has Never Been Breached by Spyware — And That Changes the Calculus for Everyone first appeared on Web and IT News.