- Meta launches WhatsApp Research Proxy to help with bug bounty research in WhatsApp protocols
- Specialized research pilot expanded to include substance abuse issues with technical support and tools
- By 2025, Meta validated ~800 reports and paid $4M for critical bug fixes
Meta has introduced new tools to help cyber security researchers find flaws in WhatsApp.
In a new blog post discussing the success of its Bug Bounty program over the past 15 years, Meta said researchers asked for a product that would help them better investigate WhatsApp-specific technologies, and in response it built the WhatsApp Research Proxy.
Describing it as a “tool that makes research into WhatsApp’s network protocol more efficient,” Meta said it will be available to “some of our long-time bug bounty researchers” who will not only use the tool, but provide feedback to help improve it. More researchers will be invited to test the tool as time goes on, Meta added, stressing that the goal is to release the tool publicly in the future. However, no exact dates were mentioned.
Expanding bug bounty programs
Meta also announced that it would expand its specialized research pilot. Earlier this year, the company launched a pilot to help accelerate collaboration in certain areas – but only with researchers with proven credentials.
Now, Meta is looking to expand that partnership by encouraging research “beyond traditional security vulnerabilities.”
As part of this expansion, Meta now invites research teams to focus on bug issues with dedicated internal technical support and tools, all with the goal of lowering the barrier to entry for academics and other searchers who may not be as familiar with bug bounty programs.
The company, which owns Facebook, Instagram, WhatsApp and a few other platforms, said it received about 13,000 submissions to its bug bounty program in 2025. It validated nearly 800 reports, for which it made cumulative payments of more than $4 million.
Some of the worst bugs fixed through the program include a method that allowed mass enumeration of WhatsApp accounts, an incomplete validation issue, and various arbitrary code execution errors.
Via Hacker News
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
