Meta has supplied particulars on the way it intends to implement interoperability in WhatsApp and Messenger with third-party messaging providers because the Digital Markets Act (DMA) went into impact within the European Union.
“This enables customers of third-party suppliers who select to allow interoperability (interop) to ship and obtain messages with opted-in customers of both Messenger or WhatsApp – each designated by the European Fee (EC) as being required to independently present interoperability to third-party messaging providers,” Meta’s Dick Brouwer mentioned.
DMA, which formally turned enforceable on March 7, 2024, requires firms in gatekeeper positions – Apple, Alphabet, Meta, Amazon, Microsoft, and ByteDance – to clamp down on anti-competitive practices from tech gamers, degree the enjoying area, in addition to compel them to open a few of their providers to rivals.
As a part of its efforts to adjust to the landmark rules, the social media large mentioned it expects third-party suppliers to make use of the Sign Protocol, which is utilized in each WhatsApp and Messenger for end-to-end encryption (E2EE).
The third-parties are additionally required to package deal the encrypted communications into message stanzas in eXtensible Markup Language (XML). Ought to the message comprise media content material, an encrypted model is downloaded by Meta shoppers from the third-party messaging servers utilizing a Meta proxy service.
The corporate can also be proposing what’s known as a “plug-and-play” mannequin that permits third-party suppliers to hook up with its infrastructure for reaching interoperability.
“Taking the instance of WhatsApp, third-party shoppers will connect with WhatsApp servers utilizing our protocol (primarily based on the Extensible Messaging and Presence Protocol – XMPP),” Brouwer mentioned.
“The WhatsApp server will interface with a third-party server over HTTP with a view to facilitate quite a lot of issues together with authenticating third-party customers and push notifications.”
Moreover, third-party shoppers are mandated to execute a WhatsApp Enlistment API when opting into its community, alongside offering cryptographic proof of their possession of the third-party user-visible identifier when connecting or a third-party person registers on WhatsApp or Messenger.
The technical structure additionally has provisions for a third-party supplier so as to add a proxy or an middleman between their consumer and the WhatsApp server to supply extra details about the sorts of content material their consumer can obtain from the WhatsApp server.
“The problem right here is that WhatsApp would now not have direct connection to each shoppers and, in consequence, would lose connection degree indicators which might be vital for maintaining customers secure from spam and scams equivalent to TCP fingerprints,” Brouwer famous.
“This strategy additionally exposes all of the chat metadata to the proxy server, which will increase the chance that this information could possibly be by chance or deliberately leaked.”