One of the new features of iOS 16 is Lockdown Mode, which helps users protect themselves against targeted cyber attacks by disabling multiple device features. Among everything Lockdown Mode changes, it also restricts web browsing – and now software engineer Alexis Lours details how exactly that happens.
Lockdown Mode’s impact on web browsing
Lockdown Mode in iOS 16 disables also disables WebAssembly. WASM a powerful binary code format that enables high-performance apps on web pages. However, it can also be used to create a digital “fingerprint” of users, which helps third parties track people across websites and apps.
Interestingly, support for MP3 players on webpages is also disabled with Lockdown Mode. Lours believes that Apple wants to prevent attackers from using MP3 decoding for malicious purposes. Of course, this ends up breaking any website with MP3 playback without a fallback to the AAC or OGG formats.
The Gamepad API, which was created to let users interact with game controllers on websites, doesn’t work with Lockdown Mode enabled. This is because malicious websites can use details like the controller ID to track users. Unsurprisingly, this breaks down web games and platforms that rely on an external game controller.
Previewing files in web browsers is also restricted with Lockdown Mode. For instance, JPEG 2000 images and SVG fonts, which are exclusively supported by Safari, are disabled so websites can’t use these formats to target iOS users. PDF previewing for websites is also disabled, as multiple PDF-related exploits have been found in the past.
Other disabled features include WebGL, Speech Recognition API, and the Web Audio API.
What else does Lockdown Mode restrict?
In addition to restricting web browsing, Lockdown Mode in iOS 16 also blocks most message attachments and link previews in Apple’s Messages app. Users with Lockdown Mode enabled only get FaceTime calls from known numbers and iCloud Shared Albums are removed from the Photos app.
Apple also blocks configuration profiles and access to the device over a wired connection with Lockdown Mode turned on.
Of course, Apple emphasizes that Lockdown Mode is intended for a specific group of users who may be targeted by sophisticated espionage threats. These users include journalists, activists, and members of governments. This came after the company filed a lawsuit against ‘Pegasus’ spyware creator NSO Group last fall.
Lockdown Mode is available as part of iOS 16, which is expected to be released this fall. Developers and users registered in the Apple Beta Software Program can now try out iOS 16 beta.