I can't reply to your other comment for some reason, so I'm replying to this one.
>If WhatsApp is so evil that they've backdoored their product
Unless they want to go the way of Lavabit, every company is evil when kindly asked to be. (Well, maybe it helps when you have the weight of Apple, but that wasn't even a NSL if we heard about it.)
>it is "supervillain monologuing for an hour while the hero escapes"-grade stupid to leave that backdoor in their source code.
And if they don't, a reproducible build process will cause someone to notice the binary doesn't match up and sound the alarm, somewhat similar to how a warrant canary works even if not everyone is checking it. (Sure, the company could always go back on their open source promise for other reasons, but at least everyone is left with a last known-likely-good inspectable and forkable version.)
>If WhatsApp is so evil that they've backdoored their product
Unless they want to go the way of Lavabit, every company is evil when kindly asked to be. (Well, maybe it helps when you have the weight of Apple, but that wasn't even a NSL if we heard about it.)
>it is "supervillain monologuing for an hour while the hero escapes"-grade stupid to leave that backdoor in their source code.
And if they don't, a reproducible build process will cause someone to notice the binary doesn't match up and sound the alarm, somewhat similar to how a warrant canary works even if not everyone is checking it. (Sure, the company could always go back on their open source promise for other reasons, but at least everyone is left with a last known-likely-good inspectable and forkable version.)