If the messages are managed on the two ends of the channel by a closed source binary that does who-knows-what.
The meme/trope is that you can't possibly know what such an app does without the source. It just isn't true. There'd be no meaningful phone vulnerability research if it was.
Imagine if they pushed an update of the app out with the vuln to only some users, or users in {country} in their app release configs
"Imagine an arbitrarily powerful adversary operating in arbitrarily narrow, undetectable ways" is not meaningful threat modeling beside being a kind of Universal Goalpost Moving technique. It is not a 'meme' that WhatsApp is e2e encrypted if that's the form and content of your objection. The other thing is still the meme!
> "Imagine an arbitrarily powerful adversary operating in arbitrarily narrow, undetectable ways
Imagine reading the docs. It's a literal thing you can do by pushing code down to the mobile client from your server. We do this all the time for our app. I'm not sure what you're arguing.
The meme/trope is that you can't possibly know what such an app does without the source. It just isn't true. There'd be no meaningful phone vulnerability research if it was.