End-to-end encryption is a cornerstone of modern messaging privacy, and Meta is taking significant steps to ensure that even backups of conversations remain secure. By leveraging a hardware-backed system known as the HSM-based Backup Key Vault, Meta protects the recovery codes that unlock encrypted backups for both WhatsApp and Messenger. Recent updates enhance this system with over-the-air key distribution for Messenger and a new commitment to publicly verify the security of each fleet deployment.
The Foundation: HSM-Based Backup Key Vault
The core of Meta's encrypted backup infrastructure is the HSM-based Backup Key Vault. This system allows users to protect their backed-up message history with a recovery code, which is stored inside tamper-resistant Hardware Security Modules (HSMs). Because the HSMs are physically secured and isolated, neither Meta, cloud storage providers, nor any third party can access the recovery code. The vault itself operates as a geographically distributed fleet across multiple data centers, using majority-consensus replication to ensure high availability and resilience.
For WhatsApp users, fleet public keys have traditionally been hardcoded into the app. However, to support Messenger without requiring frequent app updates, Meta developed a more flexible approach. This evolution prioritizes both security and user convenience while maintaining strict cryptographic controls.
Recent Enhancements to Strengthen Security
In the past year, Meta made it easier to end-to-end encrypt backups using passkeys. Now, the company is rolling out two additional improvements that reinforce the underlying infrastructure: over-the-air fleet key distribution for Messenger and a commitment to publishing evidence of secure fleet deployments.
Over-the-Air Fleet Key Distribution for Messenger
To verify the authenticity of an HSM fleet, client applications must validate the fleet's public keys before establishing a secure session. For Messenger, Meta built a mechanism to distribute these fleet public keys over the air as part of the HSM response, eliminating the need for a full app update every time a new fleet is deployed.
Fleet keys are delivered in a validation bundle that is signed by Cloudflare and counter-signed by Meta. This dual signing provides independent cryptographic proof of the bundle's authenticity. Cloudflare also maintains an audit log of every validation bundle, offering an additional layer of transparency. The complete validation protocol is described in Meta's whitepaper, “Security of End-To-End Encrypted Backups.”
Commitment to Transparent Fleet Deployment
Transparency is essential to demonstrating that the system operates as designed and that Meta cannot access users’ encrypted backups. Going forward, Meta will publish evidence of the secure deployment of each new HSM fleet on the company's engineering blog. New fleet deployments are infrequent—typically no more than every few years—so each one represents a critical milestone.
Any user can verify the security of a new fleet by following the steps outlined in the Audit section of the whitepaper. This public verification process reinforces Meta’s leadership in the field of secure encrypted backups and gives users tangible proof that their data remains private.
Further Reading
For the complete technical specification of the HSM-based Backup Key Vault, including detailed cryptographic protocols and audit procedures, refer to the full whitepaper: “Security of End-To-End Encrypted Backups.”
By combining hardware security modules with over-the-air key distribution and transparent deployment practices, Meta is building a robust foundation for end-to-end encrypted backups that instills trust and protects user privacy.