SYSTEM Cited by 1 source

WhatsApp Research Proxy

The WhatsApp Research Proxy is a Meta-published tool introduced via the 2025 Bug Bounty 15th anniversary expansion, described by Meta as "a tool that makes research into WhatsApp's network protocol more effective." It is Meta's canonical wiki instance of a vendor-published research proxy — a bug-bounty research proxy that intentionally lowers the barrier for external security researchers to study a proprietary protocol.

Purpose

The proxy makes WhatsApp's network protocol accessible to researchers who might otherwise be unable (or unwilling, due to ToS concerns) to intercept traffic from a running WhatsApp client. By publishing a first-party tool for this purpose, Meta:

• Expands the effective attack-surface-review headcount beyond its internal team via bug bounty participants.
• Makes the researcher experience reproducible — everyone works against the same proxy, with the same affordances.
• Separates "poking at the protocol" (encouraged) from "probing production infra" (disallowed) by concentrating researcher traffic at a controlled endpoint.

This sits within a broader Meta application-security posture that also includes external audits (NCC Group's public assessment of WhatsApp's end-to-end encrypted backups), fuzzing, static analysis, supply-chain management, and automated attack-surface analysis.

Seen in

• sources/2026-01-28-meta-rust-at-scale-an-added-layer-of-security-for-whatsapp — canonical wiki source. Introduced as part of the application-security posture discussion accompanying the wamedia Rust-rewrite announcement.

Related

• systems/whatsapp — host product.
• patterns/bug-bounty-research-proxy — the canonical wiki pattern.
• companies/meta