In context: March 6 was the deadline for the biggest tech companies in the world to comply with the provisions of the European Union’s Digital Markets Act (DMA). The six so-called “gatekeepers,” including Alphabet, Amazon, Apple, ByteDance, Meta, and Microsoft, are all announcing plans for adhering to the new law.
Meta had earlier announced that its popular instant messaging service, WhatsApp, will soon introduce third-party chat support for its 2 billion+ users to stick to the provisions of the DMA. The company has now shared its detailed plans to ensure interoperability between WhatsApp/Messenger and third-party chat apps to comply with the requirements of the new regulation while maintaining user privacy and security.
In a blog post announcing its updated policies, Meta confirmed that engaging with third-party chat clients will require explicit user consent to prevent potential spam and scams. The company also stated that developers wanting to take advantage of the new interoperability should preferably switch over to the Signal Protocol, as it’s considered to be the current gold standard for E2EE chats.
However, according to the provisions of the DMA, WhatsApp and Messenger will have to be compatible with all apps irrespective of whether they are using the Signal Protocol for encryption or not. To comply with the law, Meta says it will allow third-party chat apps to use a compatible protocol if they can demonstrate it offers the same level of security as Signal.
WhatsApp and Messenger both use encryption based on the tried and tested Signal Protocol as Meta clearly believes that it is the best way to keep spam at bay while offering the strongest possible security. While Messenger is still in the process of rolling out end-to-end-encryption (E2EE) by default for personal communication, WhatsApp enabled it way back in 2016 for all its users globally.
It is worth noting here that despite using a secure E2EE solution for WhatsApp and Messenger, Meta says that it cannot guarantee full privacy for chats originating from or culminating in third-party apps. That’s because according to Meta, it has no way of controlling “what a third-party provider does with sent or received messages, and we therefore cannot make the same promise.”