About Lockdown Mode

Lockdown Mode helps protect devices against extremely rare and highly sophisticated cyber attacks.

What is Lockdown Mode?

Lockdown Mode is an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats. Most people are never targeted by attacks of this nature.

When Lockdown Mode is enabled, your device won’t function like it typically does. To reduce the attack surface that potentially could be exploited by highly targeted mercenary spyware, certain apps, websites, and features are strictly limited for security and some experiences might not be available at all.

Lockdown Mode is available in iOS 16 or later, iPadOS 16 or later, watchOS 10 or later, and macOS Ventura or later. Additional protections are available starting in iOS 17, iPadOS 17, watchOS 10, and macOS Sonoma.

For a complete set of protections, update your devices to the latest software before turning on Lockdown Mode.

How Lockdown Mode protects your device

When Lockdown Mode is enabled, some apps and features will function differently, including:

  • Messages - Most message attachment types are blocked, other than certain images, video, and audio. Some features, such as links and link previews, are unavailable.

  • Web browsing - Certain complex web technologies are blocked, which might cause some websites to load more slowly or not operate correctly. In addition, web fonts might not be displayed, and images might be replaced with a missing image icon.

  • FaceTime - Incoming FaceTime calls are blocked unless you have previously called that person or contact. Features such as SharePlay and Live Photos are unavailable.

  • Apple services - Incoming invitations for Apple services, such as invitations to manage a home in the Home app, are blocked unless you have previously invited that person. Game Center is also disabled.

  • Photos - When you share photos, location information is excluded. Shared albums are removed from the Photos app, and new Shared Album invitations are blocked. You can still view these shared albums on other devices that don’t have Lockdown Mode enabled.

  • Device connections - To connect your iPhone or iPad to an accessory or another computer, the device needs to be unlocked. To connect your Mac laptop with Apple silicon to an accessory, your Mac needs to be unlocked and you need to provide explicit approval.

  • Wireless connectivity - Your device won't automatically join non-secure Wi-Fi networks and will disconnect from a non-secure Wi-Fi network when you turn on Lockdown Mode. 2G cellular support is turned off.

  • Configuration profiles - Configuration profiles can’t be installed, and the device can’t be enrolled in Mobile Device Management or device supervision while in Lockdown Mode.

Phone calls and plain text messages continue to work while Lockdown Mode is enabled. Emergency features, such as SOS emergency calls, are not affected.

How to turn on Lockdown Mode

For a complete set of protections, you should update all of your devices to the latest software and turn on Lockdown Mode for all of your devices.

  • Lockdown Mode needs to be turned on separately for your iPhone, iPad, and Mac.

  • When you turn on Lockdown Mode for your iPhone, it's automatically turned on for your paired Apple Watch.

  • When you turn on Lockdown Mode for one of your devices, you get prompts to turn it on for your other supported Apple devices.

When Lockdown Mode is turned on, you might receive notifications when an app or feature is limited. A banner in Safari indicates that Lockdown Mode is on.

How to turn on Lockdown Mode on iPhone or iPad

  1. Open the Settings app.

  2. Tap Privacy & Security.

  3. Scroll down, tap Lockdown Mode, then tap Turn On Lockdown Mode.

    in Privacy & Security settings on iPhone, turn on Lockdown Mode.
  4. Tap Turn On Lockdown Mode.

  5. Tap Turn On & Restart, then enter your device passcode.

How to turn on Lockdown Mode on Mac

  1. Choose the Apple menu  > System Settings.

  2. From the sidebar, click Privacy & Security.

  3. Scroll down, click Lockdown Mode, then click Turn On.

  4. Click Turn on Lockdown Mode. You might need to enter the user password.

  5. Click Turn On & Restart.

How to exclude apps or websites from Lockdown Mode

While your device is in Lockdown Mode, you can exclude an app or website in Safari from being impacted and limited by WebKit restrictions. Exclude only trusted apps or websites and only if necessary.

On iPhone or iPad

To exclude a website while browsing: Tap the Page Menu button, tap the More button to open the Page Menu, then turn off Lockdown Mode for that website.

To exclude a website from Lockdown Mode protections, turn off Lockdown Mode in Page Settings in Safari.

To exclude an app or edit your excluded websites:

  1. Open the Settings app.

  2. Tap Privacy & Security.

  3. Under Security, tap Lockdown Mode.

  4. Tap Configure Web Browsing.

    To exclude an app or edit your excluded websites, tap Configure Web Browsing.

To exclude an app, turn that app off in the menu. Only apps that you have opened since enabling Lockdown Mode and which have limited functionality appear on this list.

To edit your excluded websites, tap Excluded Safari Websites > Edit.

On Mac

To exclude a website while browsing: Choose the Safari menu > Settings for [website]. Then deselect the Enable Lockdown Mode checkbox. To include the website again, reselect the checkbox.

To edit your excluded websites:

  1. From the menu bar in Safari, choose the Safari menu > Settings.

  2. Click Websites.

  3. In the sidebar, scroll down and click Lockdown Mode.

  4. From the menu next to a configured website, turn Lockdown Mode on or off.

Configuration profiles and managed devices

If a device is in Lockdown Mode, new configuration profiles can't be installed, and the device can't be enrolled in Mobile Device Management or device supervision. If a user wants to install a configuration profile or management profile, they need to turn off Lockdown Mode, install the profile, and then re-enable Lockdown Mode, if necessary. These restrictions prevent attackers from attempting to install malicious profiles.

A device that is enrolled in Mobile Device Management before Lockdown Mode is enabled remains managed. System administrators can install and remove configuration profiles on that device.

Lockdown Mode is not a configurable option for Mobile Device Management by system administrators, as it’s designed for the very small number of individual users who might be targeted by extreme cyber attacks.

Tarikh Diterbitkan: