WhatsApp’s Third-Party Chats Feature Will Uphold End-to-End Encryption, Reveals Meta

WhatsApp will take some more time to bring third-party chats feature to users, Meta explained on Wednesday. As per the European Union’s (EU) Digital Markets Act (DMA), which went live on March 6, platforms are required to offer messaging interoperability in individual conversations in the region within three months. However, Meta said it will take the messaging platform more than the allotted time, citing limitations in implementing end-to-end encryption (E2EE) architecture for third-party providers. The company also said that features such as group chats as well as audio and video calling will only be possible after 2024.

In a detailed post, Meta highlighted the workings of its interoperability features, its plans to work with other messaging platforms, and the limitations that are stopping it from adding the feature for users within the given time frame. The tech giant said that it has been building a safety and privacy-centric process for interoperability for nearly two years and has consulted the European Commission.

According to the social media giant, the technical challenges with interoperability are the main reason for the delay. However, it is targeting that by the end of the year, it will be able to implement individual text messaging, voice messages, as well as the sharing of images, videos, and other attached files between end users. While it did not provide a timeline, Meta mentioned that implementing group chats and calling features remains in its plans.

To make interoperability possible with WhatsApp, third-party providers will need to sign an agreement to enable third-party chats. “In order to maximise user security, we would prefer third-party providers to use the Signal Protocol. Since this has to work for everyone however, we will allow third-party providers to use a compatible protocol if they are able to demonstrate it offers the same security guarantees as Signal,” Meta added.

Delving into the technicalities, the post explained that WhatsApp uses the Noise Protocol Framework to encrypt all data between the end user and the servers. As a part of the protocol, third-party providers will need to perform something the company calls ‘Noise Handshake’, which describes the process of providing a payload to the server along with the JWT Token.

As part of the Noise Protocol, the third-party client must perform a “Noise Handshake” every time the client connects to the WhatsApp server. Part of this Handshake is providing a payload to the server which also contains the JSON Web Token (JWT Token). It is a proposed standard to create data with the option to add signature and encryption. This will be the key to connecting with WhatsApp’s servers.

Meanwhile, Meta also said that while it will take responsibility for E2EE while the data is in WhatsApp’s servers and in transit, it cannot ensure the same once the data has been received by the third-party client.