Meta

Meta Bug Bounty
* All payout amounts are in USD

©2025 Meta.

WhatsApp Private Processing

Max payout: $300k*

Guidelines

These guidelines relate to bugs in the Trusted Execution Environment (TEE) that supports WhatsApp Private Processing.

Payouts

TEE runtime attacks: up to $300k*

Maximum payouts
  • Code execution - Vulnerabilities that enable RCE within the TEE, including bypassing code attestation: up to $300k*
  • Privilege escalation - Vulnerabilities that enable elevation of privileges: up to $300k*
  • Data leaks - Vulnerabilities that cause data to be leaked (e.g. external storage, or memory leaks that contain user data): up to $150k*

VM escape: up to $300k*

Maximum payouts
  • Vulnerabilities that enable escapes to the host: up to $300k*

Persistence: up to $10k*

Maximum payouts
  • Vulnerabilities that enable a malicious user to persist access to a workload: up to $10k*

Additional Considerations

The above payouts are based on attack scenarios involving external threat actions. Vulnerabilities limited to internal attack scenarios will follow the guidelines displayed in the table below.

| Category | Subcategory | Payout |
| --- | --- | --- |
| TEE runtime attacks | Code execution | up to $50k* |
| TEE runtime attacks | Privilege escalation | up to $50k* |
| TEE runtime attacks | Data leaks | up to $50k* |
| VM escape | | N/A |
| Persistence | | up to $5k* |

Private Processing Q&A


Is WhatsApp’s Private Processing feature in scope for the Meta Bug Bounty program?
Yes. The Private Processing system—including its use of Trusted Execution Environments (TEEs), attestation infrastructure, remote auditing mechanisms, and verifiable transparency—is in scope for the Bug Bounty program. We encourage security researchers to evaluate both the cryptographic assumptions and implementation security of this feature.

What are the key security components of WhatsApp’s Private Processing system that can be tested?
Key components include:
  • The Trusted Execution Environment (TEE) used to process user data privately.
  • The remote attestation mechanisms that ensure code integrity and versioning.
  • The cryptographic protections surrounding data ingress/egress.
  • The client-side enforcement of “Advanced Chat Privacy” settings.
  • The verifiable transparency mechanisms that publicly document changes or failures in the secure enclave.

What types of vulnerabilities are eligible for bounty under Private Processing?
Eligible vulnerabilities include:
  • Bypass of data isolation within the TEE.
  • Forged or replayed attestation results.
  • Extraction of user content from the Private Processing path.
  • Weaknesses in transparency mechanisms (e.g., corrupt public logs).
  • Exploits that undermine the optional nature of the feature (e.g., enabling AI features for non-consenting users).

All issues must demonstrate a realistic attack vector under adversarial conditions.


How can researchers verify the integrity or behavior of the Private Processing system?
Meta is providing a remote attestation endpoint that researchers can use to verify the build hash and policy of deployed TEEs. Researchers can validate that the running environment matches the open-source reference implementations and disclosed configurations. Verification scripts and examples may be published to assist in this process.

Are there open-source components of Private Processing available for inspection?
Components of the Private Processing system, such as policy definitions and attestation reference code, are expected to be open-sourced. Researchers are encouraged to compare these references with live system behavior and report discrepancies.

How do I report issues related to Private Processing securely and responsibly?
Submit your findings through the Meta Bug Bounty submission portal under the “WhatsApp” product. Include all reproduction steps, proofs-of-concept, and attack rationale. Ensure you follow the Private Processing Access Program Terms and avoid any actions that may impact real user data.