Even a seemingly simple engineering task, such as updating an API, can become a monumental undertaking when dealing with millions of lines of code and thousands of engineers, especially when the changes are security-related. Nowhere is this more evident than in mobile security, where a single class of vulnerabilities can be replicated across hundreds of call sites spread across a sprawling multi-app codebase serving billions of users.
Meta’s product security team has developed two strategies to address this:
- Design a framework that is secure by default, wrapping potentially insecure Android OS APIs and making the secure path the easiest path for developers.
- Leverage generative AI to automate large-scale migrations of existing code to these frameworks.
The result is a system that can propose, validate, and submit security patches across millions of lines of code with minimal effort required of the engineers who own the patches.
In this episode of the Meta Tech Podcast, Pascal Hartig speaks with Alex and Tanu from Meta’s Product Security team about the challenges and lessons learned from working to secure Meta’s mobile framework at a scale that few companies have seen before. Watch this episode to explore the fascinating intersection of security, automation, and AI in mobile development.
The Meta Tech Podcast is a podcast brought to you by Meta that explores the work our engineers do at every level, from low-level frameworks to end-user functionality.
To learn more about career opportunities at Meta, please visit our Meta Careers page.
