For open source messengers, you can check whether they actually encrypt your messages and whether the server has access to your encryption keys but what about WhatsApp? Since it’s not open source, you can’t be sure that the encryption keys aren’t sent to the server, right? Has there been a case where a government was able to access WhatsApp chats without reading them from the phone itself?
The E2E keys are exchanged over Meta servers, right? Couldn’t they just store the keys and decrypt on the server?
Only public keys get exchanged via Meta’s servers, those keys don’t help you with trying to decrypt any messages (you need the corresponding private key to decrypt - and that private key stays on the device).
Sure, they could just do a man in the middle, but that can be detected by verifying the keys (once, via another channel).
Makes sense. It does leave the MitM option open as you said, but if they did something nefarious here, it would have long been seen in at least a couple of cases due to OOB verification.