WhatsApp’s engineering team has rewritten its media handling library in Rust, cutting the codebase from 160,000 lines of C++ down to 90,000 lines while adding memory safety protections. The library runs on billions of devices, such as Android phones, iPhones, desktops, watches, and web browsers, making this one of the largest client-side deployments of Rust code to date.
The effort traces back to 2015’s Stagefright vulnerability, which showed how attackers could hide malware inside seemingly innocent image or video files. Those malicious files targeted bugs in Android’s media libraries, and apps like WhatsApp couldn’t patch the underlying OS. At the time, WhatsApp had a C++ library called “wamedia” that checked MP4 files for conformance issues before sending them. The company realized this code was handling untrusted data from potentially hostile sources, which made it an obvious target for a memory-safe rewrite.
(Source: Engineering at Meta – Security & Privacy blog post)
While Meta’s deployment is unprecedented in scale, the strategy follows a path blazed by Mozilla as principal engineer, Andrew Lilley Brinker, noted in a Bluesky post:
People may know Mozilla bankrolled Rust for a lot of its early development, but might not know the first Rust component shipped in Firefox was an mp4 parser back in 2016!
A response to the same Stagefright-era realizations about the inherent dangers of C++ media handling when processing untrusted binary data.
WhatsApp didn’t do this incrementally. They built the entire Rust version alongside the C++ code. The team used differential fuzzing and extensive integration testing to validate compatibility between both versions before transitioning. WhatsApp software engineer Daniel Sommermann, and Baojun Wang explained that the strategy delivered both performance gains and reduced memory usage compared to the original C++ code.
Binary size became a real problem. The blog post mentions that the Rust standard library initially increased file sizes, but doesn’t detail the solution. In a Hacker News thread, WhatsApp engineer Daniel Sommermann explained the work involved:
We invested a lot into build system optimizations to bring this number down over time, although we did accept on the order of 200 KiB size overhead initially for the stdlib.” The team moved from Gradle, CMake, and Cargo to Buck2, which Sommermann said “has helped tremendously to bring the size down, for instance by improving LTO and getting the latest clang toolchain optimizations.
The library has grown beyond basic format validation. WhatsApp calls this expanded system “Kaleidoscope.” It looks for suspicious patterns: PDFs containing embedded files or scripts, file extensions that don’t match the actual content, and executable files disguised as images. When it spots something risky, it flags it in the UI. These checks won’t catch every attack, but they block a lot of common exploit techniques.
Meta claims this is the biggest deployment of a Rust library to end-user devices they’re aware of. Every month, the code ships to billions of devices through WhatsApp, Messenger, and Instagram—spanning phones, laptops, desktops, smartwatches, and web browsers across different operating systems.
Furthermore, in the Hacker News thread, others discussed the technical details. Cong-or, for instance, pointed out why binary size matters here:
On servers the Rust stdlib overhead usually doesn’t matter, but when you’re shipping to billions of mobile devices, every KB counts. Good to see they invested in build tooling instead of just accepting the bloat.
Another storystarling focused on the testing approach:
The hardest part of a rewrite like this is usually maintaining bug-for-bug compatibility with the legacy parser rather than the actual Rust implementation.
WhatsApp’s security approach runs on three tracks: cut down the attack surface where possible, shore up the remaining C and C++ code with things like control-flow integrity and hardened allocators, and use memory-safe languages for anything new. Developers working in C and C++ get specialized security training and their code goes through automated analysis. The company has strict deadlines for fixing issues that turn up.
Meta’s security teams are now pushing Rust adoption to other groups inside the company, and they expect the pace to accelerate over the next few years. The move mirrors what’s happening across the industry. Google reported in its November 2025 security blog that Rust code in Android drove memory safety vulnerabilities down from 76 percent of all bugs in 2019 to below 20 percent by late 2025, a shift the company attributed directly to replacing C and C++ with Rust for new code. Chrome has also shipped Rust libraries for font rendering and image decoding, while Microsoft has been rewriting Windows components in the language since 2023.
