- Meta launches WhatsApp Research Proxy to aid bug bounty investigations into WhatsApp protocols
- Specialized research pilot expands to include abuse issues with engineering support and tooling
- In 2025, Meta validated ~800 reports, paying $4M for critical bug fixes
Meta has introduced new tools to help cybersecurity researchers find bugs in WhatsApp.
In a new blog post discussing the success of its Bug Bounty program over the last 15 years, Meta said the researchers asked for a product that would help them investigate WhatsApp-specific technologies better, and in response, it built WhatsApp Research Proxy.
Describing it as a “tool that makes research into WhatsApp’s network protocol more effective”, Meta said it will be available to “some of our long-time bug bounty researchers”, who will not only use the tool, but provide feedback to help improve it. More researchers will be invited to test the tool as time goes by, Meta added, and stressed that the goal is to release the tool publicly in the future. No exact dates were mentioned, though.
Expanding bug bounty programs
Meta also announced it would be expanding its specialized research pilot. Earlier this year, the company launched a pilot to help accelerate collaboration in particular areas – but just with researchers with proven credentials.
Now, Meta is looking to expand this partnership by incentivizing research “beyond traditional security vulnerabilities”.
As part of this expansion, Meta is now inviting research teams to focus on abuse issues with dedicated internal engineering support and tooling, all with the goal of lowering the barrier of entry for academics and other searchers who might not be as familiar with bug bounty programs.
The company that owns Facebook, Instagram, WhatsApp, and a few other platforms, said it received around 13,000 submissions to its bug bounty program in 2025. It validated almost 800 reports, for which it made cumulative payments of more than $4 million.
Some of the worst bugs that were fixed through the program include a method that allowed mass WhatsApp account enumeration, an incomplete validation issue, and different arbitrary code execution bugs.
Via The Hacker News
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
