The problem is that most security technologies only provide protection against specific attack vectors and attackers under specific conditions.
Without understanding these technologies very deeply, they are all creating a false sense of security to some degree.
That doesn't make your statement false, just very difficult to apply. That's not to say it can never be applied. There are clearly cases in which people are deliberately mislead.
But whatsapp markets itself as a secure system when the client just blindly accepts re-keying from the server without notifying the user by default,
It could easily have the notification on by default, and when a user turns it off actually explain that you are no longer secure.
The very best would of course be to require the users to physically exchange keys whenever they get a new phone etc, but we all know this will never happen.
I agree that there is much room for improvement. Instead of simply turning warnings on or off, they could let users enable warnings for some contacts but not others.
But my point is that the current approach is not simply "false security". It is incomplete or optional security against specific threats and not others. Depending on a particular user's expectations it may amount to false security. You're right about that. But it's not clear to me that having this sort of security is worse than nothing for the average user.
Also, you have to consider that this sort of optional and partial security used by a very large number of people allows those with real security needs to hide in the crowd. Taking a clear all or nothing approach, as you suggest, would put a bullseye on the back of those who do need security.
Without understanding these technologies very deeply, they are all creating a false sense of security to some degree.
That doesn't make your statement false, just very difficult to apply. That's not to say it can never be applied. There are clearly cases in which people are deliberately mislead.