Bridging the Gap: Do My Messaging Apps Really Need Interoperability?
May. 7, 2024A Case for Interoperability in Messaging Apps
Let’s first briefly understandwhat interoperability isin the context of messaging apps. Take the example of emails. You can send an email from Gmail to an Outlook user seamlessly. You don’t need to have an Outlook account to send emails to Outlook users. Similarly, an Outlook user can send an email to a Gmail or Yahoo user without any friction. This works across all email services.
A point closer to home:the way UPI works in India. You can send money from PhonePe to a GPay user without having a GPay account. It works across all UPI apps.
That is the essence of interoperability. Aservice that canoperate beyond its platformand communicate with other third-party services. Now for the past few years, governments, especially the EU, have been advocating and asking companies to implement interoperability in messaging apps.
It can be highly convenient to users as this ruling lets a WhatsApp user send messages to users on other messaging apps. The userdoesn’t have to be on a particular messaging appto send or receive messages. Users can choose the messaging app that best meets their needs without having to worry about whether their contacts use the same service. It can make the messaging experience seamless.
Most importantly,interoperability prevents platform lock-in. Apple has been leveraging its iMessage lock-in to bring more users into its fold. Sadly, due to this lock-in (also called the Network Effect), users are locked to the platform and sadly can’t leave it easily. RememberTim Cookasking an audience member to buy an iPhone in order to send better videos to his mom?
So, there is definitely a good case for introducing interoperability in messaging apps. But what are the drawbacks? Let’s find out below.
WhileMeta has enabledthird-party interoperability for WhatsApp and Messenger in the EU, there are some issues that need attention. First of all,maintaining end-to-end encryption(E2EE) is of paramount importance while complying with interoperability.
We all know that WhatsApp has E2E encryption turned on by default, and Meta is also rolling out default E2EE for Facebook Messenger. Apart from that, Signal andGoogle Messagesalso offer E2E encryption. The common thread between all these messaging apps is that all of them use thetried-and-tested Signal Protocolto implement end-to-end encryption.
In its blog post, Meta says that if third-party messaging apps use the same Signal Protocol for E2E encryption, it would “maximize user security“. The company also says that it can support other compatible protocols, but the protocol should have the “same security guarantees as Signal.”
The point here is that for maintaining E2E encryption while offering interoperability, having acommon cryptographic protocolis important. While transmitting the message from one service to another, there should be no leakage whatsoever.
“While we have built a secure solution for interop that uses the Signal Protocol encryption to protect messages in transit, without ownership of both clients (endpoints) we cannot guarantee what a third-party provider does with sent or received messages, and we therefore cannot make the same promise,” says Meta.
It means that security is still a contentious issue for implementing interoperability in messaging apps. Not to mention, Apple’s iMessage and Telegram havedifferent proprietary encryption protocols. Supporting a score of messaging apps with different protocols would be a challenging task. By the way, iMessage is not part of the EU’s interoperable regulation as a large number of people in the EU do not use its service.
Apart from security drawbacks, there are also concerns about spam and phishing in messaging apps. Unlike email services,messaging is more private, hence, bringing in interoperability would make personal messaging a nightmare.
We already know that ouremail inboxes are filled with spam, phishing messages, and unsolicited emailsfrom just about anyone. Opening the floodgates to third-party services would extend the wider network of communication to malicious actors for spam and phishing attacks.
While interoperability brings convenience for users and prevents platform lock-in, it is equally true thatmaintaining iron-clad securityacross third-party services is a harder technical problem to solve. Messaging apps using different security protocolsmay bring in more vulnerabilities. Not to mention, spam and phishing messages can ruin the personal messaging experience.
While the interoperability war continues for messaging apps, what do you think about the EU’s decision? Let us know your thoughts in the comments below.
Passionate about Windows, ChromeOS, Android, security and privacy issues. Have a penchant to solve everyday computing problems.
