1 of 37

How WhatsApp fights Spam & Abuse

  • Ritesh Bajaj�(Software Engineer at WhatsApp 2019-2021)

2 of 37

3 of 37

4 of 37

5 of 37

SPAM ON WHATSAPP

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

Unwanted

Commercial

High-volume

Automated

From Malicious Accounts

6 of 37

SPAM ON WHATSAPP

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

Unwanted

Commercial

High-volume

Automated

From Malicious Accounts

7 of 37

SPAM ON WHATSAPP

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

Unwanted

Commercial

High-volume

Automated

From Malicious Accounts

8 of 37

SPAM ON WHATSAPP

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

Unwanted

Commercial

High-volume

Automated

From Malicious Accounts

9 of 37

SPAM ON WHATSAPP

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

Unwanted

Commercial

High-volume

Automated

From Malicious Accounts

10 of 37

REDUCE TO EASIER PROBLEM

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

Spam?

Spam account? (No passwords = no ATO)

Automated? (High-volume = automated)

Spam client? (automated = script or emulator)

Faster

Less effective

11 of 37

GENERAL WORKFLOW

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

Action

Classify

Allow? Ban?

user age: 3 hours

# messages 30sec: 2

12 of 37

GENERAL WORKFLOW

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

Action

Allow? Ban?

user age: 3 hours

# messages 30sec: 2

Classify

13 of 37

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

TRAINING DATA

Features

Label

user age=5280 days, # messages 30sec=0…

Ham

user age=2 minutes, # messages 30sec=10…

Spam

user age=3 months, # messages 30sec=2…

Ham

14 of 37

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

TRAINING DATA

Features

Label

user age=5280 days, # messages 30sec=0…

???

user age=2 minutes, # messages 30sec=10…

???

user age=3 months, # messages 30sec=2…

???

15 of 37

TRAINING LABELS

Need source of truth for labels in classifier training

Multiple mechanisms: (I will mention top 3)

People we eventually caught

“Spam App” detection

Manually label cluster

(Users writing to WhatsApp support etc..)

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

16 of 37

TRAINING LABELS

Need source of truth for labels in classifier training

Multiple mechanisms: (I will mention top 3)

People we eventually caught

“Spam App” detection

Manually label cluster

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

17 of 37

TRAINING LABELS

Need source of truth for labels in classifier training

2 mechanisms:

People we eventually caught

“Spam App” detection

Manually label cluster

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

18 of 37

19 of 37

20 of 37

?

Server

21 of 37

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

SPAM VENDORS STOPPED

22 of 37

TRAINING LABELS

Need source of truth for labels in classifier training

Multiple mechanisms:

People we eventually caught

Spam App detection

Manually label clusters

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

23 of 37

Clustered on similar profile picture

Number

Profile_pic

Spam reports

+7-xxxxxxx

4

+7-xxxxxxx

0

+7-xxxxxxx

10

+7-xxxxxxx

2

24 of 37

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

TRAINING DATA

Features

Label

user age=5280 days, # messages 30sec=0…

Ham

user age=2 minutes, # messages 30sec=10…

Spam

user age=3 months, # messages 30sec=2…

Ham

25 of 37

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

TRAINING DATA

Features

Label

???

Ham

???

Spam

???

Ham

26 of 37

BEHAVIORAL FEATURES

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

How do spammers generate actions?

How do others respond to those actions?

Classify this behavior - no access to content is fine

27 of 37

FEATURES: REPUTATIONAL

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

"How many people have been seen on your ASN?

What % are banned?"

28 of 37

FEATURES: REPUTATIONAL

"How many people have been seen on your ASN?

What % are banned?"

ASN:

20 total

12 banned

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

29 of 37

FEATURES: REPUTATIONAL

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

"How many people have been seen on your Netblock?

What % are banned?"

ASN:

20 total

12 banned

Netblock: 8 total

5 banned

30 of 37

FEATURES: REPUTATIONAL

"How many people have been seen on your Phone Prefix?

What % are banned?"

ASN:

20 total

12 banned

Netblock: 8 total

5 banned

Phone Prefix: 30 total

23 banned

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

31 of 37

FEATURES: REPUTATIONAL

"How many people have been seen on your ASN?

What % are banned?"

Generalize “ASN”: “netblock”, “phone number prefix”, etc

Generalize “banned”: “reported as spam”, etc

Forces attacker to buy more things

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

32 of 37

FEATURES: PROBABILITY

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

“Probability that someone with phone country code X is seen from network country Y

Generalize each (carrier, language, etc)

33 of 37

Built on META ML INFRA

  • Dataswarm: Pipelines written in Python, (pull data, train model, deploy to production) trained daily, weekly etc

  • Sigma - Fighting Spam with Haskell

  • Scuba - Database for real-time analysis�
  • No feature store: Just a key-value store

  • Labelling System, A/B testing etc

34 of 37

What kind of models do we run

  • Spam report classification: Content classification. NLP model (like BERT etc), image classification, video classification, audio-to-text classification etc

  • Behaviour classification - GBDTs, some Neural Network, NN + GBDT

35 of 37

Inference time Latency matters

  • Few 100ms delay can increase the spam by 20-30%

Defense in depth

  • We have many overlapping models, rules etc running.

36 of 37

YOU DON’T NEED CONTENT FOR SPAM DETECTION

3 keys to success:

Good behavioral features

Good labeling: Spam Reports + Spam App detection

Solid infrastructure

HOW WHATSAPP REDUCED SPAM WHILE LAUNCHING E2E

37 of 37

CREDITS

https://www.youtube.com/watch?v=LBTOKlrhKXk

A talk from my colleague Matt Jones, on how WhatsApp fights spam. Slides were adapted from this talk