Meta Advances End-to-End Encrypted Backups with Enhanced Key Distribution and Transparency
Introduction: A Foundation of Trust
Meta is continuing to bolster the security of end-to-end (E2E) encrypted backups for both WhatsApp and Messenger, building on its existing HSM-based Backup Key Vault. This system allows users to safeguard their message history with a recovery code stored in tamper-resistant hardware security modules (HSMs). These HSMs are designed so that neither Meta, cloud storage providers, nor any third party can access the recovery code. The vault operates across a geographically distributed fleet of HSMs spread over multiple datacenters, using a majority-consensus replication model to ensure resilience and availability.

Earlier this year, Meta made it simpler to encrypt backups using passkeys. Now, the company is rolling out two significant upgrades to the underlying infrastructure: over-the-air fleet key distribution for Messenger and a formal commitment to publishing evidence of secure fleet deployments. These enhancements further strengthen the protection of password-based E2E encrypted backups.
Over-the-Air Fleet Key Distribution for Messenger
To establish a secure session with the HSM fleet, clients must first verify the fleet’s public keys. In WhatsApp, these keys are hardcoded into the application. However, for Messenger, where new HSM fleets may need to be deployed without requiring a user to update the app, Meta developed an over-the-air key distribution mechanism.
When a client connects, the HSM responds with a validation bundle containing the fleet’s public keys. This bundle is signed by Cloudflare and countersigned by Meta, providing independent cryptographic proof of authenticity. Cloudflare also maintains an audit log of every validation bundle issued. This approach ensures that even if the client app is not updated, it can still trust the new fleet keys.
For a full technical breakdown of the validation protocol, refer to the whitepaper, “Security of End-To-End Encrypted Backups.”
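The client-side check described above, as an added example that is not Meta's code or wire format: a client accepts new fleet keys only when two independently pinned signers both vouch for the same bytes. Ed25519, the `Bundle` layout, the countersignature covering the fleet keys plus the first signature, and all names here are assumptions; the actual protocol is specified in the whitepaper.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Bundle is a hypothetical container for the fleet keys and both signatures.
type Bundle struct {
	FleetKeys     []byte // serialized HSM fleet public keys
	AuditorSig    []byte // independent signer (Cloudflare in the article) over FleetKeys
	OperatorCosig []byte // countersignature (Meta) over FleetKeys || AuditorSig
}

// Verify returns the fleet keys only if both pinned signers vouch for them.
func Verify(b Bundle, auditorPub, operatorPub ed25519.PublicKey) ([]byte, error) {
	if len(b.FleetKeys) == 0 {
		return nil, errors.New("empty fleet key set")
	}
	if !ed25519.Verify(auditorPub, b.FleetKeys, b.AuditorSig) {
		return nil, errors.New("auditor signature invalid")
	}
	// The countersignature binds the operator to this exact auditor signature.
	cosigned := append(append([]byte{}, b.FleetKeys...), b.AuditorSig...)
	if !ed25519.Verify(operatorPub, cosigned, b.OperatorCosig) {
		return nil, errors.New("operator countersignature invalid")
	}
	return b.FleetKeys, nil
}

// Issue builds a constructed sample bundle (stands in for the server side).
func Issue(keys []byte, auditor, operator ed25519.PrivateKey) Bundle {
	sig := ed25519.Sign(auditor, keys)
	cosigned := append(append([]byte{}, keys...), sig...)
	return Bundle{keys, sig, ed25519.Sign(operator, cosigned)}
}

// newKey generates a throwaway signer key pair for the constructed samples.
func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

func main() {
	aPub, aPriv := newKey()
	oPub, oPriv := newKey()
	keys, err := Verify(Issue([]byte("constructed-fleet-keys"), aPriv, oPriv), aPub, oPub)
	fmt.Printf("accepted %q, err=%v\n", keys, err)
}
```

Because both signatures are required, a bundle signed with only one of the two pinned keys is rejected, which is the property that lets a client trust keys it did not ship with.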

Greater Transparency in Fleet Deployment
Transparency is critical to demonstrating that the system operates as designed and that Meta cannot access users’ encrypted backups. To this end, Meta is now committing to publish evidence of the secure deployment of each new HSM fleet on this blog page. Although new fleet deployments are infrequent—typically no more than once every few years—this initiative provides users with verifiable proof that each fleet was deployed securely.
Any user can independently verify the deployment integrity by following the audit steps outlined in the whitepaper. This commitment cements Meta’s leadership in secure encrypted backups and builds public trust through transparency.
Read the Whitepaper
For the complete technical specification of the HSM-based Backup Key Vault, please read the full whitepaper: “Security of End-To-End Encrypted Backups”.
Key Takeaways
- Foundation: The HSM-based Backup Key Vault ensures recovery codes are stored in tamper-resistant HSMs, inaccessible to Meta or third parties.
- Passkeys: Late last year, Meta introduced passkeys to simplify E2E backup encryption.
- Over-the-air keys: Messenger now supports fleet key distribution without app updates, validated by Cloudflare and Meta signatures with an audit trail.
- Transparency: Meta will publish deployment evidence for each new HSM fleet, allowing independent user verification.