A few things about this article on the claims WhatsApp's E2EE is fake:
The most important thing to keep in mind here is that Meta’s encryption happens on the client application, the one you run on your phone. If the claims in this lawsuit are true, then Meta would have to alter the WhatsApp application so that plaintext (unencrypted) data would be uploaded from your app’s message database to some infrastructure at Meta, or else the keys would
They would not have to be sent as plaintext. They would be sent encrypted with some key that Meta owns.
The other simple way of doing this is to intentionally weaken the key generation function. If you are generating a key with 128 bits of entropy, you can start with a 96-bit secret shared between the server and the client. Then you add 32 bits of random number and feed the result through some cryptographic hash function. You end up with a key that, to an outside observer, is one of 2128 possible values. But to the server operator, it is one of 232 possible values and so takes a few seconds of CPU time to recover. And there are ways of doing this that look a lot like an honest mistake. Telegram has a thing in their protocol for the server to provide part of the entropy seed, which they claim is intended to provide additional defence for devices with weak entropy sources and critics argue is for exactly this kind of attack. Putting the same kind of entropy seed into an out-of-band request to another Meta service that WhatsApp uses would be quite feasible.
And there are ways of hiding this kind of thing from various forms of forensic analysis, such as dynamically patching the random number generator from another thread when some trigger is applied. It's not impossible to find, it's just really hard, and someone would have to be looking for the right thing.
There's also WhatsApp Web. This runs something in the web browser that talks to your phone and uses end-to-end encryption with a key exchanged by a QR code shown in the browser. Signal does not implement a feature like this because designing it in such a way that it's verifiably (by the user) secure is almost impossible.
