Considering how popular WhatsApp is, it's very hard to believe that there are no security researchers reverse-engineering its crypto code.
Because WhatsApp uses end-to-end encryption, any backdoor must necessarily be on the client side, and all client-side code can ultimately be reverse-engineered. This makes such backdoors very tricky to implement.
With that said, while I think a "general backdoor" (one that weakens the crypto algorithms so much that all messages can ultimately be read by Meta) is super unlikely, a "vulnerability" in some image parsing library, designed and implemented by the NSA, and only used on the most interesting targets... now that's a different story.
> any backdoor must necessarily be on the client side
True, but it might be a part of an update that only hits a white-list of users, so you won't find the actual code that steals your private keys if you're on that list.
This is not allowed as far as I know, at least on iOS.
iOS apps aren't allowed to run arbitrary code that hasn't been signed by Apple. What goes in the App Store is what runs on your device, and apps are physically incapable of writing data to executable memory. Safari / the built-in JavaScript interpreter (and I guess third-party browsers in the EU) are notable exceptions here, as they need JIT.
Sure, Apple could develop special infrastructure to push fake updates to a predesignated list of targets, but at that point, you don't even need collaboration from Meta, and open source apps like Signal are just as vulnerable.
If Apple were willing to go that way, they wouldn't even need to bother with app updates. Ultimately, your messaging history has to be stored on your device in a way that your device can decrypt, and Apple could just steal that info.
I can't speak to what the situation is like on Android, but I presume similar mechanisms exist.