Rust at Scale: An Added Layer of Security for WhatsApp
Scope and nature of the Rust rollout
- Thread notes WhatsApp’s claim of the “largest Rust rollout,” with some skepticism: Android itself and Chromium already ship Rust widely, and Chrome’s font/rendering stack is cited as a competing example.
- Clarification that WhatsApp doesn’t use the Rust libsignal library; historically it used the C version on some platforms.
Rewrite strategy and compatibility
- Commenters praise the parallel rollout and differential fuzzing: running old C++ and new Rust implementations side by side is seen as a realistic way to avoid “rewrite and pray.”
- Maintaining permissiveness for malformed media is highlighted as a key challenge: strict parsers may reject “broken but working” user files, so fuzzing against the legacy implementation is crucial.
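The differential approach described above, as an added example that is not taken from WhatsApp's post or code: the chunk format and both parsers are hypothetical stand-ins, with the legacy one tolerating truncated input and the rewrite rejecting it, so the harness surfaces exactly the "broken but working" inputs a strict parser would start refusing.

```rust
// Constructed toy format: repeated chunks of [tag u8][len u8][payload of len bytes].
type Chunks = Vec<(u8, Vec<u8>)>;
// Hypothetical legacy stand-in: clamps a truncated payload, ignores a dangling byte.
fn legacy_parse(data: &[u8]) -> Option<Chunks> {
    let (mut out, mut i) = (Vec::new(), 0);
    while i + 2 <= data.len() {
        let end = (i + 2 + data[i + 1] as usize).min(data.len());
        out.push((data[i], data[i + 2..end].to_vec()));
        i = end;
    }
    Some(out)
}

// Hypothetical stand-in for the rewrite: bounds-checked, rejects any truncation.
fn strict_parse(data: &[u8]) -> Option<Chunks> {
    let (mut out, mut i) = (Vec::new(), 0);
    while i < data.len() {
        let header = data.get(i..i + 2)?;
        let end = i + 2 + header[1] as usize;
        out.push((header[0], data.get(i + 2..end)?.to_vec()));
        i = end;
    }
    Some(out)
}

#[derive(Debug, PartialEq)]
enum Verdict { Agree, StrictRejects, LegacyRejects, OutputDiffers }
fn compare(data: &[u8]) -> Verdict {
    match (legacy_parse(data), strict_parse(data)) {
        (Some(a), Some(b)) if a != b => Verdict::OutputDiffers, // semantic drift
        (Some(_), None) => Verdict::StrictRejects, // compatibility regression
        (None, Some(_)) => Verdict::LegacyRejects,
        _ => Verdict::Agree,
    }
}

// Deterministic xorshift generator, so every finding can be replayed from the seed.
fn fuzz(iterations: u32, mut seed: u64) -> Vec<(Vec<u8>, Verdict)> {
    let mut findings = Vec::new();
    for _ in 0..iterations {
        let mut next = || { seed ^= seed << 13; seed ^= seed >> 7; seed ^= seed << 17; seed };
        let len = (next() % 8) as usize;
        let input: Vec<u8> = (0..len).map(|_| (next() % 4) as u8).collect();
        let verdict = compare(&input);
        if verdict != Verdict::Agree { findings.push((input, verdict)); }
    }
    findings
}

fn main() { for f in fuzz(2000, 0x9E3779B97F4A7C15).iter().take(3) { println!("{:?}", f); } }
```

Each `StrictRejects` finding is a decision point: either the new parser gains a documented tolerance for that input shape, or the rejection is accepted as intended hardening.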
Binary size and build tooling
- Rust stdlib overhead (a few hundred KB per binary) is discussed as a real but manageable issue, especially on billions of mobile devices.
- People speculate about techniques used: no_std, LTO, linker optimization, custom build systems (Buck2), and avoiding duplicate stdlib copies in mixed C++/Rust dependency stacks.
- A WhatsApp engineer mentions accepting ~200 KiB overhead initially and later reducing it via build system and toolchain optimizations.
Rust’s reliability vs C++
- Many bugs being memory-related surprises some readers. Others stress Rust’s added benefits beyond memory safety: no undefined behavior (outside unsafe), stronger types, and safer error handling.
- Misuse of unwrap()/panics in production is criticized; panics are framed as for “impossible” cases, not normal error paths.
Critique of the blog post
- Several see the article as PR/recruiting, similar to Android’s Rust posts, with limited technical depth.
- Missing details called out: supply-chain risk management for Rust crates, cross-language integration strategy, and how much (if any) AI coding assistance was used.
- Others defend such posts as necessary to build industry confidence in Rust.
Security, E2EE, and trust in Meta
- Strong skepticism about Meta’s trustworthiness coexists with reminders that “end-to-end encryption” has a formal IETF definition that WhatsApp’s protocol aims to meet.
- Multiple commenters note that even with E2EE, compromised apps, targeted builds, and legal compulsion can still enable surveillance, so users are ultimately trusting the vendor.
WhatsApp’s global dominance and ecosystem concerns
- Several comments emphasize WhatsApp’s ~3B-user footprint and its centrality in many countries, especially outside the US.
- Others resist using it for ethical/privacy reasons and worry about lock-in, spam/ads, and “enshittification.”
- Proposed remedies include building better alternatives, enforcing interoperability and protocol-level openness, and cautioning businesses about depending on WhatsApp’s opaque APIs and policies.