Meta Unveils End-to-End Encryption for Third-Party Chats on WhatsApp Platform

Meta: Third-Party Chats Feature Requires Over Three Months for Public Launch

Meta, the parent company of WhatsApp, announced on Wednesday that the introduction of the much-anticipated third-party chats feature will be delayed beyond the initial three-month deadline set by the European Union’s Digital Markets Act (DMA), which came into effect on March 6. Under this regulation, platforms are mandated to enable messaging interoperability for individual conversations within the EU within three months. However, Meta clarified that due to complexities associated with integrating end-to-end encryption (E2EE) architecture for third-party providers, WhatsApp requires more time for implementation. Additionally, Meta revealed that functionalities such as group chats, audio, and video calling will not be feasible until after 2024.

In a comprehensive statement, Meta outlined the intricacies of its interoperability features, its collaboration plans with other messaging platforms, and the hurdles impeding the timely rollout. The technology conglomerate underscored its commitment to developing a robust safety and privacy-focused framework for interoperability over a span of nearly two years, during which it engaged in consultations with the European Commission.

Meta attributed the delay primarily to technical obstacles associated with interoperability. Nonetheless, it expressed optimism about achieving significant milestones by the year’s end, including the implementation of individual text messaging, voice messages, and the seamless exchange of multimedia files between end users. Although Meta refrained from providing a specific timeline, it affirmed its intentions to incorporate group chats and calling features as part of its long-term strategy.

To make interoperability possible with WhatsApp, third-party providers will need to sign an agreement to enable third-party chats. “In order to maximise user security, we would prefer third-party providers to use the Signal Protocol. Since this has to work for everyone however, we will allow third-party providers to use a compatible protocol if they are able to demonstrate it offers the same security guarantees as Signal,” Meta added.

 

 

Delving into the technicalities, the post explained that WhatsApp uses the Noise Protocol Framework to encrypt all data between the end user and the servers. As a part of the protocol, third-party providers will need to perform something the company calls ‘Noise Handshake’, which describes the process of providing a payload to the server along with the JWT Token.

As part of the Noise Protocol, the third-party client must perform a “Noise Handshake” every time the client connects to the WhatsApp server. Part of this Handshake is providing a payload to the server which also contains the JSON Web Token (JWT Token). It is a proposed standard to create data with the option to add signature and encryption. This will be the key to connecting with WhatsApp’s servers.

Meanwhile, Meta also said that while it will take responsibility for E2EE while the data is in WhatsApp’s servers and in transit, it cannot ensure the same once the data has been received by the third-party client.