Facebook Engineering


Meta's Product Security team built a two-pronged approach to mobile security at scale: creating secure-by-default frameworks that wrap unsafe Android OS APIs, and using generative AI to automate migration of existing code to those frameworks. The system can propose, validate, and submit security patches across millions of lines of code with minimal friction. This Meta Tech Podcast episode features engineers from the Product Security team discussing the challenges and lessons learned from this large-scale security automation effort.

Patch Me If You Can: AI Codemods for Secure-by-Default Android Apps