Meta Advances EU DMA Compliance with Messaging Interoperability
Meta has disclosed further details on the approach it intends to adopt for enabling interoperability between its messaging applications, WhatsApp and Messenger, and third-party messaging services, in compliance with the European Union’s Digital Markets Act (DMA).
The company has previously indicated that interactions with third-party chats would be optional for users, citing concerns over potential spam and scams. Moreover, Meta has clarified that third-party services wishing to integrate must sign an agreement, the specifics of which were previously undisclosed.
Meta has announced its preference for third-party developers to employ the Signal protocol for encryption, citing its use in WhatsApp and Messenger as a testament to its security. However, Meta is open to considering alternative protocols provided they offer equivalent security guarantees. The Signal protocol is renowned for its end-to-end encryption (E2EE) capabilities, which have been a default feature in WhatsApp since 2016 and are currently being implemented in Messenger. This insistence on a high security standard underscores Meta’s commitment to maintaining the privacy and security of its users’ communications.
The technical implementation of this interoperability involves the encryption of message protobuf structures using the Signal protocol, followed by their encapsulation into XML-based message stanzas for transmission. Meta’s infrastructure will facilitate the delivery of messages to connected clients through a persistent connection. Additionally, third-party services will be responsible for hosting any media files, which will be accessed by Meta’s messaging clients through encrypted channels, ensuring the security of data in transit.
Meta has raised concerns regarding the potential security risks associated with third-party messaging interoperability, suggesting that it cannot guarantee the security of messages once they are under the control of third-party providers. This statement hints at a cautious stance towards interoperability, aimed at preserving user trust in the security of Meta’s messaging services. The company also mentioned the possibility of an alternative interoperability solution involving a proxy, which would necessitate additional agreements to safeguard users from spam and scams. Meta is in the process of publishing reference offers for third-party providers for both WhatsApp and Messenger, signaling a step forward in the implementation of the DMA’s requirements.