Since the Digital Markets Act (DMA) entered into force in the European Union, Meta has provided information on how it plans to integrate interoperability in WhatsApp and Messenger with third-party messaging services.

“This allows users of third-party providers who choose to enable interoperability (interop) to send and receive messages with opted-in users of either Messenger or WhatsApp – both designated by the European Commission (EC) as being required to independently provide interoperability to third-party messaging services,” Meta’s Dick Brouwer stated.

DMA requires gatekeeper companies, such as Apple, Alphabet, Meta, Amazon, Microsoft, and ByteDance, to fulfill specific requirements as part of the European Commission’s efforts to curb anti-competitive practices by tech players, level the playing field, and force them to open up some of their services to competitors. It officially went into effect on March 7, 2024.

The social media behemoth said it expects third-party providers to adopt the Signal Protocol, which is used for end-to-end encryption (E2EE) in both WhatsApp and Messenger, as part of its attempts to comply with the historic legislation.

It is also necessary for the third parties to bundle the encrypted communications into XML (Extensible Markup Language) message stanzas. In the event that the message contains media material, Meta clients use a Meta proxy service to get an encrypted version from the third-party messaging servers.

ShapeShift, a defunct cryptocurrency exchange, settles SEC charges of selling illegal securities.

In order to achieve interoperability, the corporation is also putting out a “plug-and-play” architecture that enables other suppliers to connect to its infrastructure.

“Taking the example of WhatsApp, third-party clients will connect to WhatsApp servers using our protocol (based on the Extensible Messaging and Presence Protocol – XMPP),” Brouwer said.

“The WhatsApp server will interface with a third-party server over HTTP in order to facilitate a variety of things including authenticating third-party users and push notifications.”

In addition, when a third-party user registers on WhatsApp or Messenger, third-party clients are required to run a WhatsApp Enlistment API and provide cryptographic evidence proving they are the proprietors of the third-party user-visible identity.

In order to provide more information about the types of material that their client may receive from the WhatsApp server, a third-party provider may additionally install a proxy or an intermediary between their client and the WhatsApp server according to the technological architecture.

America Takes Action Against Predatory Spyware Company That Targets Public Officials and Journalists

“The challenge here is that WhatsApp would no longer have direct connection to both clients and, as a result, would lose connection level signals that are important for keeping users safe from spam and scams such as TCP fingerprints,” Brouwer said.

“This approach also exposes all the chat metadata to the proxy server, which increases the likelihood that this data could be accidentally or intentionally leaked.”

source