This is insane. Very obviously a government directed attack in coordination with the mobile service provider.

What were they doing ? Looking at his communications?

Anyone know mobile browser that force https?

Seems to be standard for desktop browsers but their same phone apps do not. Strange

Looked more into lockdown mode on a friends device.

The onboarding messaging is quite dismissive. The “cost” to the user don’t seem very significant. Certainly best practice for most cyber-nonsecure out there.

What do you think, is it just highly exposed people who should carry these settings?

I turned it on for him. We’ll see if it impacts his device experience.