Well, yes, they have been found to bypass tracking restrictions, most recently using Local Mess (https://localmess.github.io/), but they haven't been found exfiltrating WhatsApp private keys or messages in plaintext. And people are looking for this specifically.