- Meta launches WhatsApp Research Proxy to assist in bug bounty investigations into WhatsApp protocols
- Specialized Investigation Pilot Expands to Include Abuse Issues with Tools and Engineering Support
- In 2025, Meta validated ~800 reports and paid $4 million for critical bug fixes.
Meta has introduced new tools to help cybersecurity researchers find bugs in WhatsApp.
In a new blog post about the success of its Bug Bounty program over the past 15 years, Meta said researchers asked for a product to help them better investigate specific WhatsApp technologies, and in response, created WhatsApp Research Proxy.
Describing it as a “tool that makes research on WhatsApp’s network protocol more effective,” Meta said it will be available to “some of our long-time bug bounty researchers,” who will not only use the tool but also provide feedback to help improve it. More researchers will be invited to test the tool as time goes on, Meta added, emphasizing that the goal is to release the tool publicly in the future. However, no exact dates were mentioned.
Expanding bug bounty programs
Meta also announced that it would expand its specialized research pilot. Earlier this year, the company launched a pilot to help accelerate collaboration in particular areas, but only with researchers with proven credentials.
Now, Meta is looking to expand this partnership by encouraging research “beyond traditional security vulnerabilities.”
As part of this expansion, Meta is now inviting research teams to focus on abuse issues with dedicated internal engineering tools and support, all with the goal of lowering the barrier to entry for academics and other searchers who might not be as familiar with bug bounty programs.
The company that owns Facebook, Instagram, WhatsApp and some other platforms said it received around 13,000 submissions to its bug bounty program in 2025. It validated nearly 800 reports, for which it made cumulative payments of more than $4 million.
Some of the worst bugs that were fixed by the program include a method that allowed mass enumeration of WhatsApp accounts, an incomplete validation issue, and various arbitrary code execution errors.
Through Hacker News
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
