Even seemingly simple engineering tasks – like updating an API – can become monumental undertakings when you're dealing with millions of lines of code and thousands of engineers, especially if the changes are security-related. Nowhere is this more evident than in mobile security, where a single vulnerability class can be replicated across hundreds of call sites scattered across a sprawling multi-app codebase serving billions of users.

Meta's product security team has developed a two-pronged strategy to address this issue:

  • Designing secure-by-default frameworks that wrap potentially insecure Android OS APIs, making the secure path the easiest path for developers, and
  • Using generative AI to automate the migration of existing code to these frameworks at scale.

The result is a system that can propose, validate, and submit security patches across millions of lines of code with minimal effort from the engineers who own them.

In this episode of the Meta Tech Podcast, Pascal Hartig speaks with Alex and Tanu from Meta's product security team about the challenges and lessons learned on the journey to making Meta's mobile frameworks more secure to a degree that few companies have ever experienced. Tune in to this episode and join us as we explore the exciting intersections of security, automation and AI in mobile development.

Download or listen to the episode below:

You can also find the episode wherever you get your podcasts, including:

The Meta Tech Podcast is a podcast from Meta where we highlight the work of Meta engineers at all levels, from low-level frameworks to end-user features.

Send us feedback on Instagram, Threads, or X.

And if you want to learn more about career opportunities at Meta, visit the Meta Careers page.