[lxgr]

> Are people publicly archiving, reverse engineering, and auditing every single version of Whatsapp?

Absolutely for archiving: https://androidapks.com/whatsapp-messenger/com-whatsapp/old/

Reverse engineering to some extent as well – it's an extremely popular app, and as such attracts both security researchers and bloggers that just want to get scoops on new features behind feature flags etc.

> Would you even know if you got a special copy of Whatsapp (still signed by Meta and valid) that has this explicit code?

Given the above, it's feasible – at least on Android, it's fairly easy to hash the .apk you've received and compare it to publicly know versions.

The threat of somebody finding unusual code on their phone will probably not deter targeted deploys by sophisticated/state level actors to specific users, but it goes some way towards making it implausible that everybody is running a backdoored version, potentially backdoored by Meta themselves, which is arguably the goal.