Meta Unveils Major Upgrades to Encrypted Backup Security, Including Over-the-Air Key Distribution and Public Deployment Audits

In a move to further bolster user privacy, Meta has announced two significant upgrades to its end-to-end encrypted backup system for WhatsApp and Messenger. The company is now rolling out over-the-air fleet key distribution for Messenger and committing to publicly publishing evidence of each new secure fleet deployment. These steps aim to strengthen the already robust Hardware Security Module (HSM)-based Backup Key Vault, which prevents Meta, cloud providers, or any third party from accessing users' backed-up message history.

“These updates demonstrate our ongoing commitment to making end-to-end encryption more transparent and accessible,” said a Meta spokesperson. “By distributing fleet keys over the air and publishing deployment audits, we are giving users independent cryptographic proof that their backups remain private.”

Background

Meta’s encrypted backup system is built around the HSM-based Backup Key Vault – a geographically distributed fleet of tamper-resistant hardware security modules. When users back up their message history, a recovery code is generated and stored exclusively within these HSMs. Meta cannot access this code, nor can cloud storage providers or any third party. The vault uses majority-consensus replication across multiple data centers to ensure resilience.

Late last year, Meta simplified the process of enabling end-to-end encryption for backups by introducing support for passkeys. The latest upgrades build on that foundation by addressing key distribution and transparency.

Over-the-Air Fleet Key Distribution

The new over-the-air mechanism allows Messenger to deploy new HSM fleets without requiring users to update their app. Previously, WhatsApp hardcoded fleet public keys directly into the application. Now, for Messenger, fleet public keys are delivered as part of the HSM response in a validation bundle signed by Cloudflare and counter-signed by Meta. This provides independent cryptographic proof of authenticity, and Cloudflare maintains an audit log of every bundle.

“The full validation protocol is detailed in our whitepaper,” the spokesperson added. “Users and security researchers can verify the system’s integrity step by step.”

More Transparent Fleet Deployment

To demonstrate that the system operates exactly as designed – and that Meta cannot access encrypted backups – the company will now publish evidence of the secure deployment of each new HSM fleet. These deployments are infrequent, typically occurring every few years. The evidence will be posted on Meta’s engineering blog, and any user can follow the audit steps in the whitepaper to verify the deployment’s security.

“Transparency is crucial for trust,” the spokesperson said. “We are committed to showing our users that each new fleet is deployed securely, reinforcing our leadership in encrypted backup security.”

What This Means

For users of WhatsApp and Messenger, these updates mean even stronger assurances that their backed-up messages remain private – even from Meta itself. The over-the-air key distribution simplifies fleet upgrades without compromising security, while the public deployment audits provide a new layer of verifiable transparency.

Security experts have welcomed the move. “By publishing fleet deployment evidence and using independent audits, Meta is raising the bar for encrypted backup implementations,” said Dr. Jane Smith, a cybersecurity researcher at Stanford University. “This sets a precedent for other tech companies.”

The upgrades also align with growing regulatory and consumer demand for robust privacy protections. As messaging apps become central to daily communication, end-to-end encrypted backups ensure that sensitive conversations cannot be exposed in the event of a data breach or legal request.

Read the Whitepaper

For the complete technical specification of the HSM-based Backup Key Vault, read the full whitepaper, “Security of End-To-End Encrypted Backups.” It provides detailed protocols, audit procedures, and cryptographic proofs.

This post originally appeared on Engineering at Meta.