
Recent Australian laws make it possible to force Australian companies and individuals to compromise software to defeat encryption. Which could be as simple as getting a boutique update delivered to a device that includes a screen recorder or keylogger, and it doesn't necessarily have to be the messaging app that gets compromised. That isn't really a problem unique to Australia or state-level actors. I think Apple and Android have some protections against screen recording.


Fortunately, Australia doesn’t make any phones or popular e2e software.


It wouldn't have to be the e2e software as the delivery app for the payload or tooling. Regardless, it was more about the fact that governments and other actors have options. Phones are just like any other software platform.


Any “boutique update” you’re talking about would require compromising the OS development process, which means that any protections against screen recording would be easy to remove or work around.


That is the hope. But who to trust? Not to mention, some apps already have the permissions for their legitimate use cases, so why not just pick one of those? It may not even require a client update, just requisition of the data from the company. The underlying idea is that smartphones are safer, but they are still software, and your trust points are spread very thin over literally hundreds of people and companies. All of this, blasting across the internet and into dozens of other people's servers daily. It's hard to consider it secure.



