Meta has supplied particulars on the way it intends to implement interoperability in WhatsApp and Messenger with third-party messaging providers because the Digital Markets Act (DMA) went into impact within the European Union.
“This enables customers of third-party suppliers who select to allow interoperability (interop) to ship and obtain messages with opted-in customers of both Messenger or WhatsApp – each designated by the European Fee (EC) as being required to independently present interoperability to third-party messaging providers,” Meta’s Dick Brouwer stated.
DMA, which formally grew to become enforceable on March 7, 2024, requires corporations in gatekeeper positions – Apple, Alphabet, Meta, Amazon, Microsoft, and ByteDance – to clamp down on anti-competitive practices from tech gamers, stage the taking part in area, in addition to compel them to open a few of their providers to opponents.
As a part of its efforts to adjust to the landmark rules, the social media large stated it expects third-party suppliers to make use of the Sign Protocol, which is utilized in each WhatsApp and Messenger for end-to-end encryption (E2EE).
The third-parties are additionally required to bundle the encrypted communications into message stanzas in eXtensible Markup Language (XML). Ought to the message include media content material, an encrypted model is downloaded by Meta purchasers from the third-party messaging servers utilizing a Meta proxy service.
The corporate can also be proposing what’s referred to as a “plug-and-play” mannequin that permits third-party suppliers to hook up with its infrastructure for attaining interoperability.
“Taking the instance of WhatsApp, third-party purchasers will hook up with WhatsApp servers utilizing our protocol (primarily based on the Extensible Messaging and Presence Protocol – XMPP),” Brouwer stated.
“The WhatsApp server will interface with a third-party server over HTTP to be able to facilitate quite a lot of issues together with authenticating third-party customers and push notifications.”
Moreover, third-party purchasers are mandated to execute a WhatsApp Enlistment API when opting into its community, alongside offering cryptographic proof of their possession of the third-party user-visible identifier when connecting or a third-party consumer registers on WhatsApp or Messenger.
The technical structure additionally has provisions for a third-party supplier so as to add a proxy or an middleman between their consumer and the WhatsApp server to supply extra details about the sorts of content material their consumer can obtain from the WhatsApp server.
“The problem right here is that WhatsApp would now not have direct connection to each purchasers and, consequently, would lose connection stage indicators which can be vital for preserving customers secure from spam and scams corresponding to TCP fingerprints,” Brouwer famous.
“This strategy additionally exposes all of the chat metadata to the proxy server, which will increase the chance that this information may very well be by chance or deliberately leaked.”