For open source messengers, you can check whether they actually encrypt your messages and whether the server has access to your encryption keys but what about WhatsApp? Since it’s not open source, you can’t be sure that the encryption keys aren’t sent to the server, right? Has there been a case where a government was able to access WhatsApp chats without reading them from the phone itself?
Makes sense. It does leave the MitM option open as you said, but if they did something nefarious here, it would have long been seen in at least a couple of cases due to OOB verification.