
You're assuming the vuln researcher has access to the backdoored binary. That's not necessarily the case.

Imagine if they pushed an update of the app out with the vuln to only some users, or users in {country} in their app release configs



> Imagine if they pushed an update of the app out with the vuln to only some users, or users in {country} in their app release configs

"Imagine an arbitrarily powerful adversary operating in arbitrarily narrow, undetectable ways" is not meaningful threat modeling, besides being a kind of Universal Goalpost Moving technique. It is not a 'meme' that WhatsApp is e2e encrypted if that's the form and content of your objection. The other thing is still the meme!


> "Imagine an arbitrarily powerful adversary operating in arbitrarily narrow, undetectable ways"

Imagine reading the docs. It's a literal thing you can do by pushing code down to the mobile client from your server. We do this all the time for our app. I'm not sure what you're arguing.


At the very least, "closed source" has nothing to do with your objection, which is in fact about build provenance.



