That's still not a full answer, of course, your proprietary operating system or closed chipsets can spy on you.
Absolutism isn't helpful IMHO, there is no true security in this world only degrees of trust and risk. You can always go one step further in securing a product but the first step still matters.
I think there's real value in companies implementing e2e (and it's hard! it's super hard politically to get this done when the business sees little value for the effort and I know this because I've successfully fought to get e2e into a product).
The reality from my point of view is that it takes idealists inside to convince a commercial entity to lock themselves out of value (commercial surveillance) they could capture. I find a company's stance on e2e to be a valuable signal.
Verifying the software one is running is not absolutism. Just because one cannot provide 'perfect' security isn't a reason to give up trying to provide some security by elevating the effort requires to conduct an attack. That locks can be picked isn't an excuse to not bother locking the door.
You'll note that logically a company cannot actually solve this problem themselves in a satisfactory way, since you would have the same problem trusting the verification mechanism as you did trusting their app in the first place.
What you want belongs as an operating system or app distribution mechanism concern. A third party OS extension might make sense. Even that's a bit fraught if there is any kind of dynamic code execution (aka code that appears at runtime, say, a web view).
"We report all apparent instances of child exploitation appearing on our service from anywhere in the world to the National Center for Missing and Exploited Children (NCMEC),"
The fact that one of the founders of Whatsapp left Facebook in a disagreement, leaving $850M of unvested options on the table, and took what he had earned to found the Signal Foundation is a pretty clear indicator towards something in that direction at least.
Absolutism isn't helpful IMHO, there is no true security in this world only degrees of trust and risk. You can always go one step further in securing a product but the first step still matters.
I think there's real value in companies implementing e2e (and it's hard! it's super hard politically to get this done when the business sees little value for the effort and I know this because I've successfully fought to get e2e into a product).
The reality from my point of view is that it takes idealists inside to convince a commercial entity to lock themselves out of value (commercial surveillance) they could capture. I find a company's stance on e2e to be a valuable signal.