This is part of the beauty of e2e encryption because you have reasonable access to the "ends". For unencrypted traffic you have no access to the "in transit" part so no knowledge about potential compromise. Since you're relatively confident with e2e that the message can't be read in transit, you only need to check the parts of the transaction you have access to.

In this case, we can check the sender's end by looking at what external entities are accessed (network & API requests from the client). For WhatsApp, there's a total of three I'm aware of:

1. The OS keyboard API. This theoretically means Apple or Google can read everything you type (but not necessarily messages you receive).

2. The Giphy search API for retrieving a list of GIFs to choose from (notable as this means Giphy also gets metadata about your thought process in choosing a GIF, even if you never send one).

3. The HTTP request to Giphy to retrieve the chosen GIF (I'm not 100% sure if this is distinct from the above search request results, due to resolution differences, or if they're all one-in-the-same).