Meta announced on Wednesday that the rollout of a feature allowing third-party chats on WhatsApp will be delayed. As mandated by the European Union’s Digital Markets Act (DMA), which took effect on March 6, platforms are required to ensure messaging interoperability for individual conversations within three months. However, Meta has indicated that it will need additional time due to challenges in implementing end-to-end encryption (E2EE) for third-party services. Furthermore, features like group chats and audio and video calls are expected to be introduced only after 2024.
In an extensive blog post, Meta outlined its interoperability plans, discussed collaboration with other messaging platforms, and detailed the limitations hindering the timely introduction of these features. The company stated that it has been focusing on creating a safety and privacy-oriented interoperability framework for the past two years, working closely with the European Commission throughout the process.
The primary reason for the delay stems from the technical challenges associated with interoperability, according to Meta. The company aims to implement features enabling individual text messaging, voice messages, and the sharing of images, videos, and other files between users by the end of the year. Although no specific timeline was provided, Meta assured that it intends to include group chat and calling capabilities in its future plans.
For third-party providers to enable chat functionalities with WhatsApp, they must enter into an agreement to support third-party messaging. “To maximize user security, we recommend that third-party providers utilize the Signal Protocol. However, to accommodate all parties, we will consider other compatible protocols if they can demonstrate equivalent security assurances,” said Meta.
The technical details shared in the post explained that WhatsApp employs the Noise Protocol Framework to secure all data between users and the servers. Third-party providers will be required to execute what is termed a ‘Noise Handshake’ to establish a connection, which entails transmitting a payload to the server along with a JSON Web Token (JWT).
As part of the Noise Protocol, third-party clients must perform a “Noise Handshake” each time they connect to WhatsApp’s servers. This handshake involves sending a payload that also includes the JWT, which serves as a standard for data creation with optional signature and encryption features. This process will be crucial for establishing connections with WhatsApp’s servers.
Additionally, Meta clarified that while it will maintain responsibility for end-to-end encryption of data stored on WhatsApp’s servers and during transmission, it cannot guarantee the same level of security once the data is received by the third-party client.
