As the Digital Markets Act (DMA) comes into effect in the European Union, Meta has detailed how it plans to achieve interoperability with third-party messaging services in WhatsApp and Messenger.
“This enables users of third-party providers who have opted in to enable interop to send and receive messages with Messenger or WhatsApp users who have opted in – both services have been designated by the European Commission (EC) as requiring independent interop provision sexual third-party messaging services,” said Meta’s Dick Brouwer.
The DMA, which officially takes effect on March 7, 2024, requires companies in gatekeeping positions — Apple, Alphabet, Meta, Amazon, Microsoft and ByteDance — to crack down on anti-competitive behavior by technology companies and create a level playing field. Forcing them to open some services to competitors.
As part of its efforts to comply with the landmark regulation, the social media giant said it expects third-party providers to use the Signal protocol, which is used for end-to-end encryption (E2EE) in WhatsApp and Messenger.
Third parties are also required to package encrypted communications into Extensible Markup Language (XML) message stanzas. If the message contains media content, the Meta client will use the Meta proxy service to download an encrypted version from a third-party message server.
The company has also proposed a so-called “plug and play” model that allows third-party providers to connect to its infrastructure for interoperability.
“In the case of WhatsApp, third-party clients will use our protocol (based on the Extensible Messaging and Presence Protocol – XMPP) to connect to the WhatsApp servers,” Brouwer said.
“WhatsApp servers will interact with third-party servers via HTTP to facilitate various tasks, including authenticating third-party users and push notifications.”
Additionally, third-party customers must implement the WhatsApp Enlistment API when opting into their network and provide cryptographic proof of their ownership of the third-party user’s visible identifier when connecting or when the third-party user registers on WhatsApp or Messenger.
The technical architecture also provides for third-party providers to add proxies or intermediaries between their clients and WhatsApp servers to provide more information about the types of content their clients can receive from WhatsApp servers.
“The challenge here is that WhatsApp will no longer be directly connected to the two clients, so it will lose connection-level signals that are critical to protecting users from scams such as spam and TCP fingerprinting,” Brouwer noted.
“This approach also exposes all chat metadata to the proxy server, which increases the possibility of accidental or intentional disclosure of this data.”
