Kaleidoscope (WhatsApp)
Kaleidoscope is WhatsApp's collective name for the ensemble of format checks that run on media and attachments shared through the app: a layered app-layer defense designed to blunt malware that arrives inside otherwise-benign file types (images, video, PDFs). It sits on top of wamedia (rewritten in Rust, cross-platform) and is a canonical concepts/defense-in-depth instance on the client-side / media-processing axis: "this layer of defense helps mitigate many of them" despite "format checks will not stop every attack."
The four check families
- Non-conformant-structure detection on specific file types, to "help protect downstream libraries from parser differential exploit attempts." Stagefright-class: block files that the WhatsApp app parses successfully but that would crash or exploit an unpatched OS library on the receiver. Canonical patterns/format-aware-malware-check-before-os-handoff instance; sharpens concepts/parser-differential into "the app rejects inputs that produce divergence against the downstream unpatchable parser."
- Risk-indicator checks inside higher-risk file types. Meta names PDFs: "PDFs are often a vehicle for malware, and more specifically, the presence of embedded files and scripting elements within a PDF further raise risks." Checks extract structural signals (embedded-file count, JavaScript, form actions) and use them as risk inputs.
- File-type spoofing detection — "we also detect when one file type masquerades as another, through a spoofed extension or MIME type." Matches declared extension/MIME against content bytes; mismatch is a signal.
- Known-dangerous-type uniform flagging — executables and applications "are flagged for special handling in the application UX." Disambiguates the UX path for types that are inherently risky to open on the receiver.
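A minimal sketch of the third and fourth check families, added here as an illustration and not taken from WhatsApp's Kaleidoscope or wamedia code: the content type is sniffed from magic bytes, compared with the declared extension and MIME type, and executables are routed to a separate verdict. The `Kind`, `Verdict`, `sniff` and `check` names and the small signature table are assumptions made for the example.

```rust
// Added illustration only; not WhatsApp's Kaleidoscope or wamedia code.
#[derive(Debug, PartialEq, Clone, Copy)]
pub enum Kind { Jpeg, Png, Pdf, Mp4, Executable, Unknown }

#[derive(Debug, PartialEq)]
pub enum Verdict { Consistent, Spoofed { declared: Kind, actual: Kind }, Dangerous, Unrecognized }

/// Classify content by its leading magic bytes, ignoring any label.
pub fn sniff(b: &[u8]) -> Kind {
    if b.starts_with(b"\xFF\xD8\xFF") { Kind::Jpeg }
    else if b.starts_with(b"\x89PNG\r\n\x1a\n") { Kind::Png }
    else if b.starts_with(b"%PDF-") { Kind::Pdf }
    // ISO BMFF box: 4-byte size, then "ftyp". Simplified: all brands count as MP4.
    else if b.get(4..8) == Some(b"ftyp".as_slice()) { Kind::Mp4 }
    else if b.starts_with(b"MZ") || b.starts_with(b"\x7fELF") { Kind::Executable }
    else { Kind::Unknown }
}

fn from_ext(name: &str) -> Kind {
    let ext = name.rsplit_once('.').map(|(_, e)| e.to_ascii_lowercase()).unwrap_or_default();
    match ext.as_str() {
        "jpg" | "jpeg" => Kind::Jpeg, "png" => Kind::Png, "pdf" => Kind::Pdf,
        "mp4" => Kind::Mp4, "exe" | "dll" => Kind::Executable, _ => Kind::Unknown,
    }
}

fn from_mime(mime: &str) -> Kind {
    match mime.trim().to_ascii_lowercase().as_str() {
        "image/jpeg" => Kind::Jpeg, "image/png" => Kind::Png,
        "application/pdf" => Kind::Pdf, "video/mp4" => Kind::Mp4,
        "application/x-msdownload" | "application/x-executable" => Kind::Executable,
        _ => Kind::Unknown,
    }
}

/// Compare both declared labels against the sniffed content type.
pub fn check(name: &str, mime: &str, bytes: &[u8]) -> Verdict {
    let (ext, declared_mime, actual) = (from_ext(name), from_mime(mime), sniff(bytes));
    // An executable by label or by content always takes the special-handling path.
    if [ext, declared_mime, actual].contains(&Kind::Executable) { return Verdict::Dangerous; }
    if actual == Kind::Unknown { return Verdict::Unrecognized; }
    for declared in [ext, declared_mime] {
        if declared != actual { return Verdict::Spoofed { declared, actual }; }
    }
    Verdict::Consistent
}

fn main() {
    // Constructed sample: PDF bytes sent with a video label.
    println!("{:?}", check("clip.mp4", "video/mp4", b"%PDF-1.7\n"));
}
```

A matching magic number only establishes what the file claims to be at byte zero; the structural conformance checks of the first family still have to run on the body before it reaches an OS parser.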
Why it matters
The forcing function is that an OS-library vulnerability lies outside the app's patching authority. Meta learned in 2015 that because Stagefright lay in OS-provided libraries, "WhatsApp and other applications could not patch the underlying vulnerability"; and because of concepts/patch-lag, waiting for users to update the OS was not fast enough. Kaleidoscope is the architectural response: defend at the app layer before untrusted bytes reach libraries the app cannot patch.
Unofficial-client + attachment protection
Meta calls out the two attack surfaces Kaleidoscope protects against: "potentially malicious unofficial clients and attachments." The format-check layer helps even when an attacker has a cooperating unofficial client that skips or subverts other client-side defenses.
Seen in
- sources/2026-01-28-meta-rust-at-scale-an-added-layer-of-security-for-whatsapp — canonical wiki source. Names the four check families; frames the 2015 Stagefright forcing function; honest "won't stop every attack" caveat.
Related
- systems/whatsapp-wamedia — the wamedia substrate the checks live in.
- systems/whatsapp — host product.
- systems/messenger, systems/meta-instagram — sibling Meta products also running wamedia.
- concepts/defense-in-depth — the discipline Kaleidoscope instantiates at the media-app layer.
- concepts/parser-differential — the attack class the non-conformance check addresses.
- concepts/format-conformance-check — the primitive check family.
- concepts/file-type-spoofing — detected by the third check family.
- concepts/os-library-vulnerability-ungovernable — the forcing function.
- patterns/format-aware-malware-check-before-os-handoff — the pattern Kaleidoscope canonicalises.
- companies/meta