SYSTEM Cited by 1 source
WhatsApp wamedia¶
wamedia is WhatsApp's cross-platform media library. Originally written in C++ to send and consistently format MP4 files, it was modified after the 2015 Stagefright vulnerability to detect files that do not adhere to the MP4 standard and might trigger bugs in vulnerable OS media libraries on the receiver side — shipping a WhatsApp-layer mitigation when the underlying OS bug could not be patched by the app.
Meta disclosed (2026-01-27) that wamedia has been rewritten from C++ to Rust — 90,000 lines of Rust (including tests) replacing 160,000 lines of C++ (excluding tests) — and rolled out to all WhatsApp users across Android, iOS, Mac, Web, Wearables, and more, with performance and runtime-memory-usage advantages over the C++ baseline. Each month, the Rust build ships to "billions of phones, laptops, desktops, watches, and browsers" via WhatsApp, Messenger, and Instagram — "the largest ever deployment of Rust code to a diverse set of end-user platforms and products that we are aware of."
wamedia is the substrate that Kaleidoscope — WhatsApp's ensemble of format-conformance, risk-indicator, file-type-spoof, and dangerous-type checks — runs on top of.
Why a memory-safe language¶
Because wamedia "checks run automatically on download and process untrusted inputs," Meta identified it "early on" as "a prime candidate for using a memory safe language." Canonical patterns/memory-safe-language-for-untrusted-input framing.
How the rewrite was done¶
Meta chose parallel rewrite rather than incremental port: "Rather than an incremental rewrite, we developed the Rust version of wamedia in parallel with the original C++ version. We used differential fuzzing and extensive integration and unit tests to ensure compatibility between the two implementations." Canonical patterns/parallel-rewrite-with-differential-testing + concepts/differential-fuzzing instance.
Disclosed hurdles¶
- Initial binary-size increase from the Rust standard library — relevant on mobile where APK/IPA size is a distribution-channel constraint (concepts/binary-size-bloat).
- Build-system support for the diverse platforms WhatsApp supports — "a long-term bet to build that support." Canonical concepts/cross-platform-client-library tax.
Outcomes¶
| Axis | Outcome |
|---|---|
| Lines of code | 90K Rust (with tests) vs 160K C++ (without tests) |
| Performance | Rust "advantages" (qualitative) |
| Runtime memory | Rust "advantages" (qualitative) |
| Platforms | Android, iOS, Mac, Web, Wearables |
| Products consuming | WhatsApp, Messenger, Instagram |
| Scale | Billions of client installs receive the library monthly |
Seen in¶
- sources/2026-01-28-meta-rust-at-scale-an-added-layer-of-security-for-whatsapp — canonical wiki source. Parallel C++→Rust rewrite with differential fuzzing; global rollout; code-size inversion; Stagefright-forcing-function backstory; Kaleidoscope as the check ensemble wamedia hosts.
Related¶
- systems/whatsapp — host product.
- systems/whatsapp-kaleidoscope — check ensemble wamedia runs.
- systems/messenger, systems/meta-instagram — sibling Meta products that ship the rewritten wamedia.
- concepts/memory-safety — language-choice axis.
- concepts/parser-differential — attack class wamedia's MP4-conformance check blocks at the app layer before OS handoff.
- concepts/cross-platform-client-library — wamedia's design axis.
- patterns/parallel-rewrite-with-differential-testing — how the rewrite was done.
- patterns/memory-safe-language-for-untrusted-input — why the rewrite was done.
- patterns/format-aware-malware-check-before-os-handoff — what wamedia/Kaleidoscope do architecturally.
- companies/meta