Apple's Lockdown Mode: A Double-Edged Sword for Security

Apple’s Lockdown Mode is good for security — but its notifications are baffling

As a paranoid journalist, I have been an enthusiastic user of Apple's opt-in "extreme protection" feature, Lockdown Mode. Since its launch in 2022, this security feature has become a must-use for dissidents in corrupt countries, human-rights defenders in oppressive regimes, and journalists speaking truth to power.

Lockdown Mode is designed to switch off some features in iPhones, iPads, and Macs, with the goal of reducing the likelihood that hackers armed with sophisticated spyware or zero-days can successfully break Apple's operating system protections and spy on its users. In practice, Lockdown Mode removes some normal Apple device features, such as fonts loaded from the internet that can track you, the ability to receive certain types of files, your location data from photos that you share, support for 2G cellular connectivity, and the ability of people who haven’t contacted you before to reach you over FaceTime and iMessage.

In exchange for these nuisances, Lockdown Mode makes it harder for you to get hacked, even by some of the most advanced hackers out there. Lockdown Mode already has a track record of blocking those advanced attacks. Apple says it is not aware of any successful hack against its users who have enabled Lockdown Mode, and digital rights group Citizen Lab has documented an attempted spyware attack blocked by Lockdown Mode.

I, too, have personally heard some people in the offensive security industry complain about Lockdown Mode making their exploits more difficult. But three years after its debut, exactly how Lockdown Mode works is still shrouded in mystery. When I wrote about my concerns about Lockdown Mode on social media, several people responded publicly — and in private — saying they have had similar experiences and are also confused.

I decided to run an experiment with the help of Harlo Holmes, chief information security officer and the director of digital security at Freedom of the Press Foundation. We both deleted each other from our contact lists (we’re still friends, though), and started chatting for the first time ever on iMessage. When Holmes texted me — and neither of us was in the other’s contact list — I received the "Lockdown Mode blocked..." notification, this time displaying her phone number.

I still received her message. We exchanged text, emojis, a cat picture, and iMessage “stickers.” All of these went through, except for the stickers, which turned into either a Unicode question mark character or a nondescript file attachment, which can’t be opened, even if you tap on it. When this happened, both Holmes and I could still see the stickers we sent from our own phones, meaning the blocking was only visible to the recipient. That is also the case for the “Lockdown Mode blocked…” notification.

This raises questions about what these notifications are supposed to tell me. Why do they block certain actions? What kind of content will Lockdown Mode prevent? And why does Apple not provide clear explanations?

I reached out to Apple asking them for some explanations, but an Apple spokesperson did not provide on-the-record remarks by press time. At least the spokesperson acknowledged receiving my message, so I know Lockdown Mode didn’t block it.