WhatsApp Private Processing
Max payout: $300k*
Guidelines
These guidelines relate to bugs in the Trusted Execution Environment (TEE) that supports WhatsApp Private Processing.
Payouts
Maximum payouts by category:

| Category | Subcategory | Description | Maximum payout |
| --- | --- | --- | --- |
| TEE runtime attacks | Code execution | Vulnerabilities that enable remote code execution (RCE) within the TEE, including bypassing code attestation. | up to $300k* |
| TEE runtime attacks | Privilege escalation | Vulnerabilities that enable elevation of privileges. | up to $300k* |
| TEE runtime attacks | Data leaks | Vulnerabilities that cause data to be leaked (e.g. to external storage, or memory leaks that contain user data). | up to $150k* |
| VM escape | N/A | Vulnerabilities that enable escapes to the host. | up to $300k* |
| Persistence | N/A | Vulnerabilities that enable a malicious user to persist access to a workload. | up to $10k* |
Additional Considerations
The payouts above assume attack scenarios involving external threat actors; vulnerabilities limited to internal attack scenarios follow the guidelines in the table below.
| Category | Subcategory | Payout |
| --- | --- | --- |
| TEE runtime attacks | Code execution | up to $50k* |
| TEE runtime attacks | Privilege escalation | up to $50k* |
| TEE runtime attacks | Data leaks | up to $50k* |
| VM escape | N/A | |
| Persistence | N/A | up to $5k* |
Private Processing Q&A
Is WhatsApp’s Private Processing feature in scope for the Meta Bug Bounty program?
Yes. The Private Processing system—including its use of Trusted Execution Environments (TEEs), attestation infrastructure, remote auditing mechanisms, and verifiable transparency—is in scope for the Bug Bounty program. We encourage security researchers to evaluate both the cryptographic assumptions and implementation security of this feature.
What are the key security components of WhatsApp’s Private Processing system that can be tested?
Key components include:
- The Trusted Execution Environment (TEE) used to process user data privately.
- The remote attestation mechanisms that ensure code integrity and versioning.
- The cryptographic protections surrounding data ingress/egress.
- The client-side enforcement of “Advanced Chat Privacy” settings.
- The verifiable transparency mechanisms that publicly document changes or failures in the secure enclave.
What types of vulnerabilities are eligible for bounty under Private Processing?
Eligible vulnerabilities include:
- Bypass of data isolation within the TEE.
- Forged or replayed attestation results.
- Extraction of user content from the Private Processing path.
- Weaknesses in transparency mechanisms (e.g., corrupt public logs).
- Exploits that undermine the optional nature of the feature (e.g., enabling AI features for non-consenting users).
All issues must demonstrate a realistic attack vector under adversarial conditions.
How can researchers verify the integrity or behavior of the Private Processing system?
Meta is providing a remote attestation endpoint that researchers can use to verify the build hash and policy of deployed TEEs. Researchers can validate that the running environment matches the open-source reference implementations and disclosed configurations. Verification scripts and examples may be published to assist in this process.
Are there open-source components of Private Processing available for inspection?
Components of the Private Processing system, such as policy definitions and attestation reference code, are expected to be open-sourced. Researchers are encouraged to compare these references with live system behavior and report discrepancies.
How do I report issues related to Private Processing securely and responsibly?
Submit your findings through the Meta Bug Bounty submission portal under the “WhatsApp” product. Include all reproduction steps, proofs-of-concept, and attack rationale. Ensure you follow the Private Processing Access Program Terms and avoid any actions that may impact real user data.