SYSTEM Cited by 1 source

WhatsApp E2EE backups

WhatsApp E2EE backups is the user-facing end-to-end-encrypted backup feature for message history on WhatsApp and Messenger. The user's recovery code — or, since late 2025, a passkey — authenticates the user to the backup system; the resulting key material is stored inside the HSM-based Backup Key Vault, which is built so that "the recovery code is stored in tamper-resistant hardware security modules (HSMs) and is inaccessible to Meta, cloud storage providers, or any third party" (Meta Engineering, 2026-05-01).

This page is a minimum-viable stub; the architectural substance lives on:

• systems/whatsapp-hsm-backup-key-vault — the substrate (HSM fleet + majority-consensus replication + OTA / hardcoded fleet-key distribution)
• concepts/end-to-end-encryption — the invariant E2EE backups extend from "in transit" to "also at rest"
• concepts/trust-anchor-distribution — the load-bearing problem the 2026-05-01 post hardens

Milestones

• 2021-09-10 — WhatsApp launches E2EE backups; Meta Engineering announces the HSM-based Backup Key Vault substrate (not ingested on this wiki).
• Late 2025 — Passkey-based E2EE backups ship for WhatsApp as an alternative to the recovery-code path.
• 2026-05-01 — Meta strengthens the password-based path with OTA fleet-key distribution for Messenger (Cloudflare-signed + Meta-countersigned validation bundle; Cloudflare-maintained audit log) + commits to publishing deployment evidence on each new HSM-fleet rollover.

Seen in

• sources/2026-05-01-meta-strengthening-end-to-end-encrypted-backups — framed as the product surface whose underlying infrastructure (the HSM Backup Key Vault + its trust-anchor-distribution mechanism) is what the 2026-05-01 post hardens.

Related

• companies/meta
• systems/whatsapp · systems/messenger
• systems/whatsapp-hsm-backup-key-vault
• concepts/end-to-end-encryption · concepts/hardware-security-module · concepts/passkey-authentication · concepts/trust-anchor-distribution