15 June 2022

WhatsApp announces first research award opportunity on privacy-aware program analysis

By: Meta Research

Today, WhatsApp launched its first request for proposals (RFP) in program analysis for privacy. This RFP closes on July 25, and the team aims to award proposals that address fundamental problems around verifying that software satisfies given privacy properties. For information about RFP timing, eligibility, and proposal requirements, visit the link below.

View RFP

To learn more about this new RFP, we reached out to Dino Distefano, an Engineering Manager at WhatsApp. In this Q&A, Distefano discusses his role at WhatsApp, program analysis research at WhatsApp, the inspiration behind this new RFP, and more.

Q: What is your role at Meta, and what does your team do?

Dino Distefano: I’m an Engineering Manager within WhatsApp. My team builds developer tools and infrastructure to help WhatsApp engineers write more reliable, secure, and privacy-oriented code. Our tooling improves developer efficiency, as our engineers can build important product features without compromising on quality, security, and privacy.

Before Meta, I was a full-time academic at Queen Mary University of London, and I co-founded Monoidics Ltd., a London-based startup providing program analysis to safety-critical industries. Monoidics was acquired by Meta in 2013. I maintain a part-time professor position at Queen Mary University of London.

Q: What does program analysis research look like at WhatsApp?

DD: Over two billion people in more than 180 countries use WhatsApp. Our mission is to connect the world privately. To provide that privacy at scale, we have made substantial enhancements in-house by developing technology on program analysis for privacy.

Moreover, we use program analysis hundreds of times a day, at every code change, to warn developers of possible bugs in their code. WhatsApp’s unique use case requires our program analysis technology to be scalable to many millions of lines of code, fast (it should take only a few minutes), and very precise (it should report developers’ real, actionable issues).

We constantly work on new techniques to make program analysis more scalable, faster, more precise, and effectively applicable on industrial-level code.

Q: What’s the goal of this RFP?

DD: Advancing techniques in program analysis often requires theoretical/foundational work, and university researchers are better suited for studying those kinds of questions. This RFP aims to sponsor collaboration between WhatsApp researchers and university researchers to work on important issues that WhatsApp cannot focus on but that the whole program analysis community will benefit from having resolved.

Q: What inspired this RFP?

DD: At WhatsApp, we are working on several program analyses for privacy. In doing that, we encounter lots of interesting research questions based on real-world privacy applications. We thought it would be beneficial to share those questions with academic researchers in the field and join forces.

Q: How does this RFP fit into the bigger picture of security and privacy specific research at WhatsApp?

DD: At WhatsApp, privacy is in our DNA. Privacy and security are complex areas comprising a wide range of angles. This RFP focuses on the specific aspect of building detection, prevention, and verification tools for developers. Detection tools help to reveal any existing privacy issues in code.

Prevention tools are safeguards that avoid new privacy issues to be introduced in code. Finally, verification tools check whether code complies with given privacy rules.

Q: Where can people stay updated and learn more?

DD: Learn more about WhatsApp’s approach to security and privacy on our website. Visit the RFP page to stay updated on the progress of the RFP. To receive email notifications about our new research awards and proposal deadlines, subscribe to our email newsletter.

Want to learn more about being an engineer at WhatsApp? Visit our Facebook page.