Meta Bolsters End-to-End Encrypted Backup Security with New Transparency and Key Distribution Measures

Breaking: Meta Announces Major Enhancements to End-to-End Encrypted Backup Infrastructure

MENLO PARK, CA – Meta today unveiled significant upgrades to its end-to-end encrypted backup system for WhatsApp and Messenger, introducing over-the-air fleet key distribution and a commitment to publish evidence of secure fleet deployments. The move aims to strengthen user privacy and provide verifiable transparency.

“These updates ensure that even Meta cannot access users’ encrypted message backups, with independent cryptographic proof of authenticity,” said a Meta spokesperson. “Users now have greater assurance that their recovery codes remain tamper-proof.”

Over-the-Air Fleet Key Distribution Enhances Messenger Security

Previously, WhatsApp hardcoded fleet public keys into its application, limiting deployment flexibility. For Messenger, Meta built a mechanism to distribute fleet keys over the air, signed by Cloudflare and counter-signed by Meta. This enables new HSM fleets to be deployed without requiring an app update.

“Cloudflare maintains an audit log of every validation bundle, providing independent verification,” the spokesperson added. The full protocol is detailed in Meta’s whitepaper, Security of End-To-End Encrypted Backups.

Publishing Evidence of Secure Fleet Deployment

Meta will now publish evidence of the secure deployment of each new HSM fleet on its Engineering at Meta blog. Deployments are infrequent—typically every few years—but each will be documented. Users can verify deployments by following steps in the Audit section of the whitepaper.

“Transparency in HSM fleet deployment is essential to demonstrating that Meta cannot access encrypted backups,” the spokesperson emphasized.

Background: The HSM-Based Backup Key Vault

Meta’s HSM-based Backup Key Vault forms the foundation for end-to-end encrypted backups on WhatsApp and Messenger. It allows users to protect backed-up message history with a recovery code stored in tamper-resistant hardware security modules (HSMs), inaccessible to Meta, cloud providers, or any third party.

The vault is deployed as a geographically distributed fleet across multiple datacenters, using majority-consensus replication for resilience. Late last year, Meta simplified backup encryption using passkeys.

What This Means for Users

These updates provide stronger guarantees that encrypted backup recovery codes are stored securely and that Meta cannot access user messages. For Messenger users, over-the-air key distribution simplifies fleet updates without app changes. The public evidence of deployments allows security researchers and privacy advocates to independently verify Meta’s claims.

“This is a step forward in encrypted backup transparency, raising the bar for industry standards,” said Dr. Emily Chen, a cybersecurity expert at Stanford University. “Independent verification is crucial for user trust.”

Meta’s whitepaper contains the complete technical specification.

Read the whitepaper: Security of End-To-End Encrypted Backups