I wonder if for closed-source apps if governments can not just force the key collection the same way they would force decryption with centralized keys.