Meta is spending millions on bug bounties and security tools to boost WhatsApp security

News
By published

New tools and expanded reach ramp up WhatsApp security

Silhouette of smartphone with Facebook, Messenger, WhatsApp, Instagram, Oculus apps and blurred META logo on background
(Image credit: Shutterstock / mundissima)
  • Meta launches WhatsApp Research Proxy to aid bug bounty investigations into WhatsApp protocols
  • Specialized research pilot expands to include abuse issues with engineering support and tooling
  • In 2025, Meta validated ~800 reports, paying $4M for critical bug fixes

Meta has introduced new tools to help cybersecurity researchers find bugs in WhatsApp.

In a new blog post discussing the success of its Bug Bounty program over the last 15 years, Meta said the researchers asked for a product that would help them investigate WhatsApp-specific technologies better, and in response, it built WhatsApp Research Proxy.

Describing it as a “tool that makes research into WhatsApp’s network protocol more effective”, Meta said it will be available to “some of our long-time bug bounty researchers”, who will not only use the tool, but provide feedback to help improve it. More researchers will be invited to test the tool as time goes by, Meta added, and stressed that the goal is to release the tool publicly in the future. No exact dates were mentioned, though.

Expanding bug bounty programs

Meta also announced it would be expanding its specialized research pilot. Earlier this year, the company launched a pilot to help accelerate collaboration in particular areas - but just with researchers with proven credentials.

Now, Meta is looking to expand this partnership by incentivizing research “beyond traditional security vulnerabilities”.

As part of this expansion, Meta is now inviting research teams to focus on abuse issues with dedicated internal engineering support and tooling, all with the goal of lowering the barrier of entry for academics and other searchers who might not be as familiar with bug bounty programs.

The company that owns Facebook, Instagram, WhatsApp, and a few other platforms, said it received around 13,000 submissions to its bug bounty program in 2025. It validated almost 800 reports, for which it made cumulative payments of more than $4 million.

Some of the worst bugs that were fixed through the program include a method that allowed mass WhatsApp account enumeration, an incomplete validation issue, and different arbitrary code execution bugs.

Via The Hacker News

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.