HomeCyberSecurity NewsWhatsApp and Messenger to Ensure Interoperability in Compliance with EU's DMA Regulations

WhatsApp and Messenger to Ensure Interoperability in Compliance with EU’s DMA Regulations

Meta has shared its plans to implement interoperability in WhatsApp and Messenger with third-party messaging services as the Digital Markets Act (DMA) took effect in the European Union.

“This will allow users of third-party providers, who opt for interoperability (interop), to send and receive messages with users who have opted in on either Messenger or WhatsApp – both of which have been identified by the European Commission (EC) as needing to provide interoperability to third-party messaging services independently,” stated Meta’s Dick Brouwer explained.

The DMA, which was officially enforced on March 7, 2024, mandates companies in gatekeeper positions – such as Apple, Alphabet, Meta, Amazon, Microsoft, and ByteDance – to address anti-competitive practices in the tech industry, level the playing field, and open certain services to competitors.

To comply with these regulations, Meta expects third-party providers to utilize the Signal Protocol, which is currently used in WhatsApp and Messenger for end-to-end encryption (E2EE).

These third-parties must also format encrypted communications into message stanzas in eXtensible Markup Language (XML). In cases of media content, Meta clients will download an encrypted version from third-party messaging servers using a Meta proxy service.

The company is proposing a “plug-and-play” model to allow third-party providers to connect to its infrastructure for achieving interoperability.

“For instance, in the case of WhatsApp, third-party clients will connect to WhatsApp servers using our protocol (based on the Extensible Messaging and Presence Protocol – XMPP),” Brouwer explained.

“The WhatsApp server will interact with a third-party server over HTTP, handling tasks like user authentication and push notifications.”

Furthermore, third-party clients must execute a WhatsApp Enlistment API upon joining its network, and provide cryptographic proof of their ownership for third-party user identifiers during registration on WhatsApp or Messenger.

The technical architecture also allows for a third-party provider to add a proxy or intermediary between their client and the WhatsApp server to enhance content requirements from the server.

“A challenge arises here as WhatsApp loses direct connection to clients, impacting safety measures against spam and scams like TCP fingerprints,” noted Brouwer.

“Additionally, all chat metadata is exposed to the proxy server, elevating the risk of data leakage, whether accidental or intentional.”



Please enter your comment!
Please enter your name here

Latest News