Meta offered details on how it plans to roll out interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) takes effect in the European Union.
“This allows users of third-party providers who choose to enable interoperability (interoperability) to send and receive messages with users who have opted in to Messenger or WhatsApp – both designated by the European Commission (EC) as required to independently provide interoperability with third-party messaging services,” said Dick Brouwer of Meta.
The DMA, which officially became enforceable on March 7, 2024, requires companies in gatekeeper positions – Apple, Alphabet, Meta, Amazon, Microsoft and ByteDance – to crack down on anticompetitive practices by technology operators, level the playing field and like forcing them to open up some of their services to competitors.
As part of its efforts to comply with key regulations, the social media giant said it expects third-party providers to use the Signal protocol, which is used in both WhatsApp and Messenger for end-to-end encryption (E2EE).
Third parties are also required to compress encrypted communications into eXtensible Markup Language (XML) message rooms. If the message contains rich media, an encrypted version is downloaded by Meta clients from third-party messaging servers using a Meta proxy service.
The company also offers a so-called “plug-and-play” model that allows third-party vendors to connect to its infrastructure to achieve interoperability.
“Taking the example of WhatsApp, third-party clients will connect to WhatsApp servers using our protocol (based on the Extensible Messaging and Presence Protocol – XMPP),” Brouwer said.
“The WhatsApp server will interface with a third-party server via HTTP to facilitate a number of things, including third-party user authentication and push notifications.”
Additionally, third-party customers are required to run a WhatsApp enlistment API when joining its network, as well as provide cryptographic proof of their ownership of the identifier visible to the third-party user when they connect or a user of third parties register on WhatsApp or Messenger.
The technical architecture also requires a third-party provider to add a proxy or intermediary between their client and the WhatsApp server to provide more information about the types of content their client can receive from the WhatsApp server.
“The challenge here is that WhatsApp would no longer have a direct connection to both clients and, as a result, would lose connection-level signals that are important for protecting users from spam and scams such as TCP fingerprinting,” Brouwer noted .
“This approach also exposes all chat metadata to the proxy server, which increases the likelihood that this data could be accidentally or intentionally leaked.”