By 
Meta, the parent company of WhatsApp and Messenger, has provided more details on its strategy to make these messaging apps interoperable with third-party messaging services, as mandated by the Digital Markets Act (DMA) in the EU. Meta had previously outlined that users could opt into engaging with third-party chats to avoid potential issues such as spam and scams. While stating that third parties would need to sign an agreement, the specific details were not disclosed until now. Meta has also announced its intention to encourage third parties to adopt the Signal protocol, with potential exceptions if alternative protocols offer similar security guarantees.
Meta emphasizes that third-party developers will only be permitted to use a protocol other than Signal if they can demonstrate it provides equivalent security assurances. The company underscores the benefits of the Signal protocol, already used by WhatsApp and Messenger for encryption. Although Messenger is still in the process of defaulting to end-to-end encryption (E2EE), WhatsApp has had E2EE as the default setting since 2016. Given that Signal is regarded as the “current gold standard” for E2EE chats, Meta expresses a preference for third parties to align with the same protocol.
The company outlines the technical aspects of how encryption will function, involving the creation of encrypted message protobuf structures by third parties, which are then packaged into message stanzas utilizing XML. Meta’s servers will push messages to connected clients using a persistent connection. Third-party providers connecting with Meta will be responsible for hosting any image or video files sent to Meta’s users. Meta’s messaging clients will download encrypted media from third-party messaging servers via a Meta proxy device.
While Meta assures users that it has built a secure solution to protect messages in transit using the Signal protocol, it notes that it cannot guarantee how a third-party provider will handle sent or received messages. This statement suggests that Meta may leverage potential security concerns around third-party messaging interoperability to retain user engagement within Meta’s messaging services.
Meta emphasizes that its solution, built on the existing client/server architecture, offers the best approach, lowering barriers for new entrants. However, this approach positions Meta as the arbiter of rules and determiner of interoperability, raising potential concerns about control and competition. Meta acknowledges the possibility of an alternative approach that removes the requirement for third parties to implement WhatsApp’s client-to-server protocol, but this would necessitate additional protections to safeguard Meta’s users from spam and scams.
In addition to adopting the Signal protocol, Meta specifies that third-party providers must sign an agreement with Meta or WhatsApp for interoperability. The Reference Offer for third-party providers on WhatsApp is already published, and the Reference Offer for Messenger will soon follow.
Comments