In June, WhatsApp launched its first research award opportunity on privacy-aware program analysis. Today, we’re announcing the winners of that award.

Over 2 billion people in more than 180 countries use WhatsApp to stay in touch with friends and family, anytime and anywhere. Privacy and security are complex areas comprising a wide range of angles. In September, WhatsApp funded two research proposals in the area of app attestation as part of a larger Meta investment in security research. “We truly understand the importance of academic research. Academic research is the cradle of innovation in security technologies,” said Attaullah Baig, Head of Security for WhatsApp. “We see this as the starting point for solving some of the hardest problems in computer security.”

Through the WhatsApp Privacy Aware Program Analysis RFP, we hope to build strong partnerships with experts in academia to solve program analysis research questions based on real-world privacy applications. “Privacy is in WhatsApp’s DNA, and program analysis is a fundamental research area for being able to ensure software meets our high privacy standards,” said Dino Distefano, Director of Engineering for WhatsApp. “This field is still in its infancy, and we know that we alone cannot solve all its challenging questions. Advancing techniques in program analysis requires theoretical and foundational work, and the academic community is best placed for making strides on these kinds of complex research explorations.”

The RFP attracted 62 proposals from 52 universities and institutions around the world. “We are very excited for the stellar proposals we received, and we are looking forward to collaborating with world-leading researchers in the field,” added Distefano.

Research award recipients

Principal investigators are listed first unless otherwise noted.

A deductive verification infrastructure for probabilistic program
Joost-Pieter Katoen, Philipp Schroer (RWTH Aachen University)

Automated generation and detection of exploits via incorrectness logic
Azalea Raad (Imperial College London)

Finding deep functional bugs via domain-aware fuzzing
Nicolas Wu, Alastair Donaldson (Imperial College London)

Gradual session types for privacy (GAINER)
Marco Carbone, Alessandro Bruni (IT University of Copenhagen)

Privacy program analysis by abstract interpretation
Patrick Cousot (New York University), Francesco Ranzato (University of Padova), Roberto Giacobazzi (University of Verona)

Scalable, static taint analysis for Core Erlang
Steven Ramsay (University of Bristol)

Finalists

Detecting and mitigating privacy exposures in system runtime logs
Heng Li (Polytechnique Montréal), Soumaya Cherkaoui (Université de Sherbrooke), Weiyi Shang (Concordia University)

End-to-end privacy-aware programming with privacy linting
Malte Schwarzkopf, Shriram Krishnamurthi (Brown University)

Modular OO vulnerability detection via class variants
Quang Loc Le (University College London)

Partial control-flow linearization against side channels
Fernando Magno Quintao Pereira (Universidade Federal de Minas Gerais)

PII watchdog: Detecting data minimization principle violations
Martin Johns (TU Braunschweig)

Semantics-based slicing of probabilistic programs
Thomas Noll (RWTH Aachen University)