Bulletins

Messaging apps may soon be forced to work together. It won’t be easy.

Sending a message could become as frictionless as sending an email. But getting there will be a technical challenge.

People messaging on phones.

The EU wants large messaging platforms like Apple's iMessage and Meta's WhatsApp to play nicely with smaller apps. Getting there will be a technical challenge.

Photo: Westend61 via Getty Images

Imagine needing to use a different email account for Gmail, Microsoft and Yahoo just to be able to send messages to the people who use Gmail, Microsoft or Yahoo. That would be annoying; email thankfully lets us use one service to get in touch with people on different services. But that’s an issue for messaging, and one the Digital Markets Act is trying to solve, specifically with “gatekeeper” companies like iMessage and WhatsApp. But making those apps play nicely isn’t simple.


To message a friend, you have to know which app they’re using. Someone might not respond to texts or Signal, but might be addicted to WhatsApp. The DMA, which is closer to becoming law after European authorities signed off on it last week, will require large messaging platforms like iMessage and WhatsApp to open up to smaller networks (if the platform requests it). That means your iMessage text could be received by someone who only uses Signal, for instance.

“The largest messaging services (such as [WhatsApp], Facebook Messenger or iMessage) will have to open up and interoperate with smaller messaging platforms, if they so request,” EU lawmakers agreed. “Users of small or big platforms would then be able to exchange messages, send files or make video calls across messaging apps, thus giving them more choice.”

Sounds great, right? Interoperability supporters are celebrating the new rules, but those advocates and security experts alike also have questions: How would this work, exactly? Where will user data be stored? What does this mean for end-to-end encryption?

Researcher Carla Griggio has studied interoperability at Aarhus University’s Department of Computer Science and said the DMA is essentially about letting users have the freedom to decide where they want to communicate without being cut off from the people who choose to use a different messaging platform.

“Having this law ask at least the biggest platforms to open up would allow you, for example, to choose to stop using WhatsApp if you wanted without being cut off from communication with the people that still choose to use WhatsApp,” she said.

But Griggio said it’s still unclear whether people will be able to control who reaches them where. “How are we still going to have control over where we communicate with whom?” she said.

There’s also a social component to making messaging platforms work seamlessly together, she said. iMessage, for instance, allows users to send stickers or animations, but it’s unclear whether those functionalities can be carried over when communicating with people on different apps. “If anything in the content of the conversation is not part of that contract between apps, for example stickers or voice messages, I don't think that interoperability is going to work,” she said. “And it's going to bring frustrations, miscommunication.”

The other big question is how end-to-end-encryption will work across all apps. Security experts are concerned it will need to be weakened or dropped for the sake of interoperability. Neil Brown, managing director of the internet-focused law firm decoded.legal, said requiring users to accept weaker security in order for platforms to remain interoperable “would seem counterintuitive.”

Brown said he could see platforms offering end-to-end encryption giving their users a heads-up if they’re working with platforms that do not offer the same.

“I would not be surprised that, if platforms offering end-to-end encryption were able to interoperate with platforms which do not, they would warn their users about the implications of those originating communications from a non-end-to-end encrypted platform,” he said.

There could be one way to allow for interoperability while circumventing these concerns about end-to-end encryption and data privacy, said Conrad Kramer, who has worked on Apple’s Shortcuts feature and co-founded Workflow. Kramer said companies like Apple, Meta and others could open their messaging service APIs to one central app. From there, users would be able to choose whether they want to send a message from iMessage or Signal or Messenger without opening those apps.

The rules may also have the effect of allowing Android users to finally have access to iMessage (though no word on whether the green and blue bubble divide will come to a close).

“[If] I am a smaller messaging app, and I would like to interoperate with WhatsApp and iMessage, those companies would be legally required to provide an API for my app to reach into and talk to the iMessage and WhatsApp networks," he said.

In the case that abuse occurs through a messaging platform or the government needed messaging data for whatever reason, the network where the message traveled to would be responsible: “If you are using iMessage, and you message over the WhatsApp network to someone else on WhatsApp, the answer is Facebook because Facebook operates the network that the message traversed," Kramer said.

Kramer said the main concern with encryption is that if the rules required the servers of Apple or Facebook to talk (or interoperate), then an iMessage going to WhatsApp would potentially need to be decrypted from iMessage and then re-encrypted for WhatsApp: “at which point that is breaking the encryption.” But it would be less of an issue if the message traveled through one network.

“In any model where the message traverses a single network, and it goes from one phone to another phone, the encryption would still preserved and not broken," he said.

Regardless, platforms are going to need to cross engineering hurdles to make interoperability work. Apple is already worried the rules will create security vulnerabilities, while Google thinks they’ll hinder innovation.

“Requiring coordination between large tech companies is something that is very hard to do,” Kramer said. “They do not like each other, they do not work well together.”

But platforms will need to learn to play nice, because the rules will start to take effect later this year. From then on, platforms have staggered deadlines to meet different levels of interoperability.
Latest Bulletins

This year is on track to be a record for global electric vehicle adoption. EVs are expected to make up 13% of light duty vehicle sales, and the world is on track to hit a 2030 milepost en route to net zero by mid-century. Yet the road ahead is far from smooth in other industries.

Keep Reading Show less

The popularity of VAs has grown dramatically over the past couple of years. And we’re not talking about virtual assistant tech; we’re talking about real people.

Keep Reading Show less

Apple called its employees back to the office as the company’s three-day-per-week hybrid schedule finally began in early September. Many tech companies have eased up on requiring office work, making Apple somewhat of an outlier when it comes to RTO.

Another outlier, Google, has been in hybrid mode since April, reportedly leading to outbreaks of COVID-19 at the office. Yet for all the talk about Google’s three-day-a-week RTO policy, two workers who spoke to Protocol anonymously say it’s not much of a mandate. An employee and a contractor both told Protocol that the hybrid policy doesn’t seem to be imposed across the board.

“The impression I have is that it’s basically not enforced,” the employee said. The Google contractor said attendance varied across different teams, noting that while some of their teammates go to the office three days a week, most only go in once. (Neither Google nor Apple returned emails inquiring about how their hybrid policies are enforced.)

Sundar Pichai’s plan to make Google “20% more efficient” may lead nervous workers to choose to go to the office more often. (An August survey found that CBRE tenants were “evenly split” on whether a recession would drive more workers to the office out of anxiety for their job security.)

As of now, most companies’ hybrid requirements are only enforced as a “very soft mandate,” said Brian Kropp, distinguished VP of research at Gartner. About half of companies with a hybrid mandate are tracking office attendance, Kropp said, but even those that are doing so “have no real plans to fire people for not coming to the office, as long as they’re getting their work done.”

More than 40% of HR leaders surveyed by Gartner last month said they weren’t tracking office attendance. Thirty-five percent said they were gathering attendance data from key fob or badge swipes, while 22% said managers were tracking their teams’ attendance. Another 10% said employees were self-reporting their attendance.

Companies that selectively enforce attendance requirements may wind up with unfair outcomes, Kropp said.

“If you have a mandated set of days where you have to come to the office, but it’s unevenly enforced across the company, then you run into issues of fairness,” Kropp said. “That just creates more variability across the company, which then creates more risk as well in terms of that inconsistency.”

And while flexibility puts companies at an advantage when it comes to competing for talent, it also requires more sophisticated management, Kropp said. “The question you should really be asking is: Does our managerial population, on average, have the capability to manage much more flexibility, or not?” Kropp said. “If the answer is ‘yes, they do,’ you should push for as much flexibility as you can.”

To run high-performing teams in a flexible environment, managers need to be “half social worker, half engineer,” Kropp said. That means more empathy and more capacity for planning and organization.

While companies may seem settled into their hybrid ways of working, many leaders are leaving policies open to change with time rather than overcommitting themselves. The world is unpredictable, as we’ve learned in the last 2.5 years. “A lot of these executives — the way that they’re framing it now is, ‘This is our hybrid strategy for now, and it could evolve and could change,’” Kropp said.

Amazon falls into that category. As Andy Jassy put it at the Code Conference on Wednesday, Amazon doesn’t have a plan to force employees back to the office: “We’re going to proceed adaptively as we learn.”

A version of this story appeared in Protocol's Workplace newsletter. Sign up here to get it in your inbox three times a week.

If you truly want to gauge a company’s culture before accepting a job offer, you have to become a bit of a sleuth. A journalist, even. Troll Blind and Glassdoor. Browse LinkedIn for current employees who seem trustworthy, or former employees who seem not to have an agenda.

But not everyone has the time to investigate companies in this way. Instead, they may rely on company-sponsored chats with current employees.

  • Ian Royer, a public relations specialist with Amazon Canada, took Amazon up on its “Candid Chats” program that connects candidates with members of employee resource groups.
  • He was on a mission to determine whether he fit with Amazon’s culture. “I am at a point in my career where when I do interviews, I interview for my fit, not the company,” Royer said.
  • Royer spoke with representatives from Amazon’s Black Employee Network and LGBTQ group Glamazon after encouragement from his recruiter. Those conversations ultimately won him over.

Steve McElfresh, founder of HR Futures, said it’s worth it for employers to offer to connect candidates with current employees. The more information, the more helpful to candidates. Still, it’s impossible for company-sponsored candidate-employee chats to be completely candid. Those chats are not entirely trustworthy.

  • “In most cases you’ve got to assume they’re using a stable of people who are prepped and primed to be positive about the company,” McElfresh said. “There’s nothing fundamentally wrong with that, but I think you've got to take it with a grain of salt.”

For those who want to connect with employees on their own, scouring LinkedIn and similar sites might be the best option. Professional platform Candor, a new startup trying to be the “more authentic LinkedIn,” was built with job sleuthing in mind.

  • “Especially in a remote world, it's so hard to figure out and so hard to get to know people and know if that culture fit is going to be there at your next opportunity,” said Candor founder Kelsey Bishop.
  • Candor profiles look kind of like corporate mood boards, with descriptors like “my core values,” “teammates that really inspire me” and “things that motivate me.” Bishop said the service is meant for casual networking, and to help people suss out the working styles of their potential future co-workers.

Bishop added that anonymous platforms can quickly turn toxic, hence Candor’s model with private profiles. But without anonymity, how candid will someone really be?

  • “As a candidate, you have to dig beyond what’s publicly available,” McElfresh said. “I would certainly be looking for more of the anonymous material.”
  • On the other hand, you can’t verify the identity, and therefore validity, of anonymous reviews. “The problem with anonymous material is you get the extremes,” McElfresh said. “You get people who are clearly unhappy, resentful and are almost assuredly overrepresented.”

The most prepared candidates will do all of the above. Just perusing Glassdoor or talking to one company-sponsored employee won’t give you the full picture. You’ve got to really do your research to figure out the fit.

A version of this story appeared in Protocol's Workplace newsletter. Sign up here to get it in your inbox three times a week.

The SEC reportedly will not push for a total ban on payment for order flow, a proposal that chair Gary Gensler said was "on the table" just a year ago.

Keep Reading Show less

The FDA this week announced that cooking chicken in NyQuil isn’t safe, which seems obvious; it came from a “NyQuil cooking challenge” video that went viral — more than a year ago.

Government warnings about viral online fads may come too late to be effective. The NyQuil chicken challenge resurfaced in January after starting as a joke on 4chan in 2017.

  • In June, the FDA warned of the dangers of keeping avocados fresh by placing them in water. That video was popular a couple years ago.
  • Schools and lawmakers took a few weeks to catch wind of, and warn parents about, a “devious licks” video that resulted in students damaging school property.
  • The Tide Pod challenge, which started as a joke on Twitter in late 2017 before making its way to YouTube and elsewhere, got the Consumer Product Safety Commission’s attention about a month after it went viral.
  • And French lawmakers needed a few months to warn against the 2018 “InMyFeelings” challenge, which involved getting out of a moving car and dancing.

Government leaders need a lesson on virality. The timing of these warnings highlights the difficulty of staying on top of potentially dangerous challenges, which can go viral in a matter of days. “The FDA is always playing catch-up with these things,” Jeffrey Blevins, a professor at the University of Cincinnati’s journalism department, told me. “It’s impossible for them to be ahead of it. Who in their right mind would have thought of NyQuil chicken?”

  • But the fact that the FDA and other government agencies need months — even years — to identify and warn people about dangerous viral trends defeats the purpose of the warning. Once the alert comes around, the damage may have already been done.
  • The way in which the FDA responds to harmful viral videos might not be that effective anyway: The ones making the posts go viral — kids — probably aren’t following government alerts, Blevins said. “I would really encourage these agencies to think about being a little more creative in how they respond,” he said.
  • The FDA could post TikToks or poke fun at the absurdity of cooking chicken with NyQuil while also explaining the harms, for example. (The FDA didn’t immediately return a request for comment.)

It’s not just the government; pediatricians, schools, and other organizations are aware of the dangers of social media trends and are trying to catch on to them quickly. But word spreads fast, and in order for the government’s warnings to be effective, they need to happen sooner.

A version of this story appeared in Thursday's Source Code. Sign up here to get it in your inbox each morning.

Kraken CEO Jesse Powell is stepping down and will be replaced by chief operating officer David Ripley, the company announced Wednesday.

Keep Reading Show less

Tuesday's “Made On YouTube” event was basically a competition to see how many ways creators and YouTube execs could talk about beating TikTok without actually saying the word “TikTok.”

Keep Reading Show less

Coinbase is launching a new product to connect developers to the Ethereum blockchain as part of its effort to offer a full stack of crypto infrastructure technology and diversify its business away from consumer trading revenue.

Keep Reading Show less

The tech industry is way ahead of the curve when it comes to setting climate goals, particularly compared to other major industries.

Keep Reading Show less

Privacy groups are outraged at New York's plan to install cameras in all subway cars in a bid to stop crime. The proposal, announced by Gov. Kathy Hochul on Tuesday, is an expansion of an earlier pilot project that the governor said was “working very well.” Under her expanded plan, there will be two cameras in each of New York’s 6,455 subway cars.

Keep Reading Show less

Microsoft is hoping that adoption of its latest version of Windows 11 will wipe out a popular technique for stealing credentials, thanks to the company's move to turn on certain security features by default in the operating system.

Keep Reading Show less

Leading U.S. companies including Amazon, Pfizer and PepsiCo have pledged to hire 20,000 refugees over the next three years.

Keep Reading Show less

The Department of the Treasury issued a request for comment Monday on Biden’s March executive order on cryptocurrency, creating a formal process around an issue that has already generated significant discussion. The Treasury is accepting comments through Nov. 3.

Keep Reading Show less

It's still unclear whether the breach of Uber's internal IT systems, revealed on Thursday, was anything more than embarrassing for the company.

Keep Reading Show less

In 2020, employees from Facebook and Twitter contacted the Pentagon with concerns about fake accounts they suspected had ties to the U.S. military, according to a Washington Post report. One Facebook executive even reached out to the Pentagon’s head of influence operations policy, Christopher C. Miller. The executive warned Miller that foreign adversaries could likely suss out the origin of these accounts, given that Facebook could, too.

Keep Reading Show less

A federal appeals court has once again backed a Texas law that would fundamentally remake social media by forcing companies such as Meta and Twitter to carry most content, including hate speech.

Keep Reading Show less

Call it a reconnaissance mission to Europe’s future Silicon Steppe.

Eric Schmidt, Alphabet’s technical adviser and former Google CEO, just returned from a personal mission to Ukraine where he scoped out its military tech operation and met with the country’s minister of defense. A tireless advocate and funder of emerging tech for defense and national security uses, Schmidt sees the war in Ukraine as a launch pad for fast-moving tech implementation.

Keep Reading Show less

The Biden administration offered a deeper look into its crypto game plan Friday, unveiling a strategy that focuses more closely on the risks posed by the controversial industry. It released nine reports that came in response to the president’s crypto executive order issued in March.

Keep Reading Show less

The Federal Trade Commission on Thursday signaled rising concern with manipulative digital interfaces, including subscriptions that auto-renew without disclosure, countdown clocks that falsely suggest deals will go away if customers don't buy quickly and the steering of consumers toward privacy options that give "away the most personal information."

Keep Reading Show less

ByteDance VR subsidiary Pico is getting ready to unveil its new headset next week: The company is holding an online event on Sept. 22, it revealed on social media Thursday. "We can’t wait to show you what we have in store for you," Pico teased in a posting on LinkedIn that promised a "new product announcement" and featured the silhouette of a VR headset.

Keep Reading Show less

Adobe is buying Figma. After Bloomberg reported the deal Thursday morning, both companies released announcements confirming the news. "With access to @Adobe's deep expertise and technology, we believe @Figma will be able to achieve our vision of 'making design accessible to all' even faster," Figma CEO Dylan Field tweeted.

Keep Reading Show less

TikTok made a rare appearance before Congress on Wednesday afternoon. Specifically, TikTok COO Vanessa Pappas testified on a panel alongside high-ranking executives from YouTube, Meta and Twitter. The group appeared before the Senate Homeland Security and Governmental Affairs Committee to answer questions about how their respective platforms could be used to promote extremism and civil unrest.

Keep Reading Show less

California Attorney General Rob Bonta has sued Amazon, alleging the company prevents price competition by punishing merchants and third-party sellers when they offer lower prices anywhere aside from Amazon's website, including with competitors such as Best Buy and Walmart.

Keep Reading Show less
Bulletins