> Messages are e2e and WA doesn't have access to them. We're talking about the metadata here.

You're still just blindly trusting this is the case. You can't verify the encryption or any of the code.

It would be trivial to actually encrypt the message and send it out and then store an unecrypted version locally and quietly exfiltrate it later.

They have to already be storing an unecrypted version locally, because you can see the messages. So unless your analyzing packets on the scale of months or years, you cannot possibly know that it isn't being exfiltrate at some point.

Take it a step further: put the extiltration behind a flag, and then when the NSA asks, turn on the flag for that person. Security researchers will never find it.