With the commencement of the EU's new regulations for digital "gatekeepers," Meta has outlined its approach to implementing end-to-end encryption (E2EE) on WhatsApp and Messenger while adhering to the Digital Markets Act's (DMA) third-party chat requirements. According to the DMA, Meta “must be ready to enable interoperability with other services within three months of receiving a request." However, the activation of this feature for public use may extend beyond this initial timeframe, as mentioned in a recent blog post.


In the first year of the regulation, the requirements focus on supporting one-on-one chats and the sharing of files such as images, videos, or voice messages, with plans to expand to include group chats and calls over time.


What Is Meta's Plan Of Action


Meta specifies that third-party providers must enter into an agreement to interoperate with Messenger and WhatsApp before collaborative implementation. The company encourages the use of WhatsApp's Signal protocol for encryption by other providers, but it expresses openness to alternatives meeting the same security standards.


The company also provides an overview of the technical intricacies involved in implementing this encryption. This process entails the third party creating message protobuf (Protocol Buffers) structures, consisting of key-value pairs, which undergo encryption using Signal. Subsequently, these structures are encapsulated into message stanzas using XML, employing a pushing mechanism. Meta's servers will then transmit these messages to connected clients through a persistent connection.


In collaboration with Meta, third-party entities are tasked with hosting any image or video files sent by their client apps to Meta's users. The encrypted media will be downloaded by Meta's messaging clients from the third-party messaging servers, facilitated through a Meta proxy device.


These particulars hold significance as users of Meta's messaging apps, notably WhatsApp users accustomed to default end-to-end encryption for years, seek assurance that their conversations will stay secure amid the alterations brought about by the DMA.


Nevertheless, Meta introduces a caveat by stating that, despite constructing a secure solution employing the Signal protocol to safeguard messages during transit, it cannot assure the security of "what a third-party provider does with sent or received messages." This implies that Meta might contend that third-party messaging interoperability carries potential security risks, aiming to maintain user engagement exclusively within Meta's messaging services.