Meta has supplied particulars on the way it intends to implement interoperability in WhatsApp and Messenger with third-party messaging providers because the Digital Markets Act (DMA) went into impact within the European Union.
“This enables customers of third-party suppliers who select to allow interoperability (interop) to ship and obtain messages with opted-in customers of both Messenger or WhatsApp – each designated by the European Fee (EC) as being required to independently present interoperability to third-party messaging providers,” Meta’s Dick Brouwer stated.
DMA, which formally grew to become enforceable on March 7, 2024, requires firms in gatekeeper positions – Apple, Alphabet, Meta, Amazon, Microsoft, and ByteDance – to clamp down on anti-competitive practices from tech gamers, degree the enjoying area, in addition to compel them to open a few of their providers to rivals.
As a part of its efforts to adjust to the landmark rules, the social media big stated it expects third-party suppliers to make use of the Sign Protocol, which is utilized in each WhatsApp and Messenger for end-to-end encryption (E2EE).
The third-parties are additionally required to bundle the encrypted communications into message stanzas in eXtensible Markup Language (XML). Ought to the message comprise media content material, an encrypted model is downloaded by Meta shoppers from the third-party messaging servers utilizing a Meta proxy service.
The corporate can be proposing what’s referred to as a “plug-and-play” mannequin that permits third-party suppliers to hook up with its infrastructure for attaining interoperability.
“Taking the instance of WhatsApp, third-party shoppers will hook up with WhatsApp servers utilizing our protocol (primarily based on the Extensible Messaging and Presence Protocol – XMPP),” Brouwer stated.
“The WhatsApp server will interface with a third-party server over HTTP as a way to facilitate quite a lot of issues together with authenticating third-party customers and push notifications.”
Moreover, third-party shoppers are mandated to execute a WhatsApp Enlistment API when opting into its community, alongside offering cryptographic proof of their possession of the third-party user-visible identifier when connecting or a third-party person registers on WhatsApp or Messenger.
The technical structure additionally has provisions for a third-party supplier so as to add a proxy or an middleman between their shopper and the WhatsApp server to offer extra details about the sorts of content material their shopper can obtain from the WhatsApp server.
“The problem right here is that WhatsApp would now not have direct connection to each shoppers and, consequently, would lose connection degree alerts which might be vital for protecting customers secure from spam and scams reminiscent of TCP fingerprints,” Brouwer famous.
“This method additionally exposes all of the chat metadata to the proxy server, which will increase the chance that this knowledge might be by accident or deliberately leaked.”
