WhatsApp’s third-party chats feature will support end-to-end encryption, Meta reveals

WhatsApp will take some more time to roll out third-party chats to users, Meta explained on Wednesday. Under the European Union’s (EU) Digital Markets Act (DMA), which came into force on March 6, platforms are required to offer interoperability of messages in individual conversations in the region within three months. However, Meta said it would take the messaging platform longer than expected, citing limitations in implementing an end-to-end encryption (E2EE) architecture for third-party vendors. The company also said that features like group chats, as well as audio and video calls, will only be possible after 2024.

In detail post, Meta highlighted the work on its interoperability features, its plans to work with other messaging platforms, and the limitations stopping it from adding the feature for users in the given time frame. The tech giant said it had been building a safety- and privacy-focused process for interoperability for nearly two years and consulted with the European Commission.

According to the social media giant, technical interoperability challenges are the main reason for the delay. However, by the end of the year it aims to be able to implement individual text messages, voice messages, as well as the sharing of images, videos and other attachments between end users. While it didn’t provide a timetable, Meta mentioned that implementing group chats and calling features remains in its plans.

In order for interoperability with WhatsApp to be possible, third-party providers will need to sign an agreement to enable third-party chats. “To maximize user security, we would prefer that third-party vendors use the Signals Protocol.” However, since this should work for everyone, we will allow third-party vendors to use a compatible protocol if they are able to demonstrate that it offers the same security guarantees as Signal,” Meta added.

Delving into the technical details, the post explains that WhatsApp uses the Noise Protocol Framework to encrypt all data between the end user and the servers. As part of the protocol, third-party providers will need to perform what the company calls a “Noise Handshake,” which describes the process of providing a payload to the server along with the JWT Token.

As part of the Noise Protocol, the third-party client must perform a “Noise Handshake” every time the client connects to the WhatsApp server. Part of this handshake delivers a payload to the server, which also contains a JSON web token (JWT token). This is a proposed standard for creating data with the option to add signature and encryption. This will be the key to connect to the WhatsApp servers.

Meanwhile, Meta also said that while it takes responsibility for E2EE while the data is on WhatsApp’s servers and in transit, it cannot guarantee the same once the data is received by the third-party client.