Meta today announced plans to make its messaging apps WhatsApp and Messenger interoperable with third-party messaging services, as required by the EU's new Digital Markets Act (DMA). Further details were revealed. The company previously shared that the integration with third-party chat will be an opt-in experience for users, considering the new integration could be a source of spam and fraud. It also said the third party would have to sign a contract, the details of which were not shared until today. Additionally, Meta says it currently asks third parties to use the Signal protocol, but may make exceptions in the future.
Specifically, Meta says it will only allow third-party developers to use another protocol other than Signal “if they can demonstrate that it provides the same security guarantees as Signal.”
The company touts the benefits of its Signal protocol, which is used for encryption on both WhatsApp and Messenger. Messenger still deploys E2EE (end-to-end encryption) by default, while WhatsApp has been offering E2EE by default since 2016. Meta says he “prefers” third-party chats, as Signal is his “current gold standard” for E2EE chat. also uses the same protocol.
The company also outlines high-level technical details about how this encryption works. This involves a third party building a message protobuf (protocol buffer) structure (a set of key-value pairs). These structures are encrypted and packaged using Signal. Message stanzas (push mechanism) using XML. Meta's servers, on the other hand, use persistent connections to push messages to connected clients.
The third party that connects to Meta is responsible for hosting the image or video files that the client app sends to Meta users. Meta's messaging client uses Meta proxy devices to download encrypted media from third-party messaging servers, the company notes.
Image credit: Meta
Meta's messaging app users, especially WhatsApp users who have had E2EE turned on by default for years, want to know that their conversations will remain secure despite the DMA changes, so these Details matter.
However, Meta said that while it has built a secure solution that protects messages in transit using the Signal protocol, it cannot guarantee “what third-party providers will do with messages sent and received.” , I'm getting around this a bit. This suggests that Meta may use claims of potentially less secure third-party messaging interoperability as a means to keep users engaged exclusively with Meta's messaging services. Masu.
The company's blog post also explains that the solution is ideal because it builds on Meta's existing client/server architecture, lowering the barrier to entry for new entrants. But this leaves the meta creating the rules and determining how interop works. Meta points out that doing this will improve reliability, as Meta's infrastructure has already scaled to handle more than 100 billion messages each day. Still, the company says there may be an approach that removes the requirement for a third party to implement WhatsApp's client-to-server protocol by instead adding a proxy between the client and the WhatsApp server. But that solution requires third parties to agree to additional protections to protect Meta users from spam and fraud.
Additionally, Meta says third-party providers will need to enter into an agreement with Meta or WhatsApp before interoperability can be achieved. The company is today publishing his WhatsApp reference offer for third-party providers and will soon be publishing a reference offer for Messenger as well.