Binary size is a real concern on the client side. On servers the Rust stdlib overhead usually doesn’t matter, but when you’re shipping to billions of mobile devices, every KB counts. Good to see they invested in build tooling instead of just accepting the bloat.
Also note that if you statically link to the Rust std library, LTO will excise the majority of it anyways, no need to rebuild it.
I think that crown currently goes to https://github.com/googlefonts/fontations which is included in Chromium, not sure if it's on all platforms yet. Moreover, the transitive dependencies of Fontations (click through https://crates.io/crates/fontations/0.3.0/dependencies) should have an even (slightly) larger install-base.
EDIT: from the quote you can also gather that they don't use https://github.com/signalapp/libsignal
- https://github.com/image-rs/image-png
- https://github.com/webmproject/CrabbyAvif
Whatsapp is a chat application with 3 billion daily active users.
For those of you in the US (where Whatsapp is seldom used), this is a fact worth remembering.
If you want to build products for the rest of the world, you need to know how those users think and breathe - and for 3 billion of them, Whatsapp is how they talk.
(Asking as a European who quite stubbornly refuses to install it - there are dozens of us. Dozens!)
Edit: please don't participate in making WhatsApp even more inescapable than it is today.
I have been trying to get hold of anyone or anything at Whatsapp. I've spent 6 months trying to navigate the bureaucracy. Facebook support claims they can't touch WhatsApp; WhatsApp support ignores the Facebook side. If you're building on WA, have a backup plan.
If any Whatsapp employee reading this can look into my WBA Account 1117362643780814
Send 2 factor verification pins over whatsapp - it is more reliable than SMS and generally there is a better 1:1 mapping between whatsapp accounts and real humans than phone numbers, so it is a good anti-spam or good way to distribute "first month free" type deals whilst keeping abuse low.
Obviously make sure all URLs have info cards properly rendered in Whatsapp for good share-ability.
Every business in Brazil has a whatsapp to talk to their clients. Sometimes this whatsapp goes into the phone or computer of a real human being. Other times, it's manned by a bot (usually a dumb choose-your-own-adventure bot - I don't see businesses using LLMs for this here).
Indeed I use food delivery apps (ifood here) only to check out the menu of delivery restaurants, then I search for them in Google so I can order directly from them through whatsapp. This won't work for some dark kitchens, but other than that it's pretty reliable and avoids the middleman.
I help moderate a community of developers and we hit the whatsapp group limit of 1024 members and sometimes have to wait for someone to leave (intentionally or accidentally) before we can add new members. We've tried to move people onto "better" platforms like Discord or Slack but we always end up coming back to WhatsApp which is subsidized via MNOs (mobile network operators) social media data/internet bundles and for the fact that most people are just stuck on whatsapp.
"phone number, public keys, timestamps, and, if set to public, about text and profile picture. From these data points, the researchers were able to extract additional information, which allowed them to infer a user's operating system, account age, as well as the number of linked companion devices."
See: https://www.univie.ac.at/en/news/press-room/press-releases/d...
They have ads and spam already (sorry, no-consent messages from businesses). This isn’t even new. [0]
There’s a clear pattern, say “we’ve rolled out strict policies”[1] and then… nothing changes on the ground, and TechCrunch writes another “they’ve fixed it” article a year later.[2]
Also their Communities feature has pretty crap UX.
Yes WhatsApp’s pervasive. But if pervasive was the end of the story, we’d all be using ICQ and AOL. The last thing any country needs is to hand over more of their lives to Facebook [sic].
[0] https://techcrunch.com/2022/10/10/in-india-businesses-are-in...
[1] https://techcrunch.com/2024/11/20/whatsapp-will-finally-let-...
[2] https://techcrunch.com/2025/10/17/whatsapp-will-curb-the-num...
I suppose this is true because there's more phones using WhatsApp than there are say Windows 11 PCs.
Given that WhatsApp uses libsignal, is it safe to assume that they haven't been using the Rust library directly?
If you count old Android versions before Rust was added.
They don't say what they did about it, do they? Did they just accept it?
https://github.com/facebook/buck2/commit/4a1ccdd36e0de0b69ee...
https://github.com/facebook/buck2/commit/bee72b29bc9b67b59ba...
Turns out if you have strong control over the compiler and linker instrumentations, there are a lot of ways to optimize binary size.
It can be avoided entirely by disabling the standard library, but that's inconvenient, and usually done only when writing for embedded devices.
Usually the problem isn't the size directly, but duplication of Rust dependencies in mixed C++/Rust codebases.
If you end up with a sandwich of build systems (when you have library dependencies like C++ => Rust => C++ => Rust), each Rust/Cargo build bundles its copy of libstd and crates. Then you need to either ensure that the linker can clean that up, or use something like Bazel instead of Cargo to make it see both Rust and C++ deps as part of a single dependency tree.
Wasn't there news lately that they can still read your messages somehow?
If you want to assure me your e2e is secure, there must be at least two clients implemented by different people, with at least one of them opensource.
Whatsapp used to have this, but lately they have cracked down on third party clients.
Do you trust facebook (excuse me, meta) to not snoop on your messages, and to not share them with the "intelligence" agencies?
No, but I trust some nosy German guy at TU Whatever to spend hours poking at the assembly, find that hidden flag and proudly present it at 40C3.
With enough eyeballs, all source is open (and AI will give us far more eyeballs than we have any idea what to do with).
Sure, you can have different builds distributed to different people, but the NSA can also just do that with Signal, Signal being open source makes it that much easier. FDroid mitigates this somewhat, but it's not like the NSA can't get a fake TLS certificate for their domain and MITM your communications.
The interesting aspects, such as how they protect against supply-chain attacks from the dependency-happy Rust toolchain or how they integrated the C++ code with the Rust code on so many platforms - a top challenge as they said - remain a mystery.
Would also be interesting to hear how much AI-driven development they used for this project. My hope’s that AI gets really good at Rust so one doesn’t have to directly interact with the unergonomic syntax.
This and the Google blogs offer zero technical insights and I haven’t learned anything from any of them.
There are standard techniques to help manage this that apply across languages, there's no reason to reinvent that wheel.
> My hope’s that AI gets really good at Rust so one doesn’t have to directly interact with the unergonomic syntax.
"Unergonomic syntax" is the battle cry of many people resisting learning a new language. AIs have progressed far enough that they can help you in that learning process, though.
Not only can AIs help, but they can write most if not all the code and spare the human from learning all the intricacies of individual programming languages. Problem is, reports are contradictory on compatibility with Rust. We know they work great with simpler/friendlier languages like Go or Python.
* No undefined behaviour (outside `unsafe`, which is quite easy to avoid). In C++ there are many many sources of UB that aren't really memory errors directly, e.g. signed integer overflow or forgetting to `return` from a function.
* A much stronger type system.
Those two things have a really significant impact on reliability.
On binary size, static linking with LTO should handle most of the bloat without needing custom stdlib builds.