
If they modified the RNG of person A's phone app during a forced stealth update, then shouldn't person B not be able to decrypt the message? Have you ever had an app update to WhatsApp where you cannot communicate with other people until you are forced to update? The alternative is that there is a vast internal conspiracy at Meta that hundreds of engineers, and hundreds of ex-engineers, are somehow silent on, which would be using 2 encryption keys: one that law enforcement can read, and one that the other end of the device can read. Isn't it provable that WhatsApp the app is using the operating-system-level secure PRNG functions? If there was evidence of this, wouldn't it be great for a whistleblower to come out and make a killing shorting Meta's stock? Right now would be the perfect time to kick them while they are down.



> then shouldn't person B not be able to decrypt the message?

The RNG example is a way to create keys that make it trivial for "C in the middle" with the RNG details to extract the contents. They are still valid, just not useful as keys.

The Juniper attack and Dual EC exploit are a good real-world example of compromising an RNG for passive decryption, although Dual EC was designed to be like that.

https://www.cs.utexas.edu/~hovav/dist/juniper.pdf
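An added illustration of the reply's point, not code from the thread: a key derived from a generator whose internal state a third party knows still encrypts and decrypts correctly between A and B, but C regenerates the same key and reads the traffic. The stream cipher, seed values and message are constructed for the demo; `random.Random` with a known seed stands in for a tampered generator.

```python
import hashlib
import os
import random


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || counter) blocks.
    Constructed for illustration; the point is the key, not the cipher."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def weak_key(seed: int) -> bytes:
    """Key from a generator whose state (the seed) is known to a third party.
    Stands in for an RNG that was deliberately weakened."""
    rng = random.Random(seed)
    return rng.getrandbits(256).to_bytes(32, "big")


def strong_key() -> bytes:
    """Key from the OS CSPRNG: nobody can reproduce it from public facts."""
    return os.urandom(32)


def demo(seed: int, plaintext: bytes) -> dict:
    # A derives a key from the weakened generator and encrypts; B, holding
    # the same key (exchange out of scope here), decrypts without trouble.
    key_a = weak_key(seed)
    ciphertext = keystream_xor(key_a, plaintext)
    recovered_by_b = keystream_xor(key_a, ciphertext)
    # C never sees the key but knows the generator's state, so it rebuilds
    # the identical key and decrypts the very same ciphertext.
    recovered_by_c = keystream_xor(weak_key(seed), ciphertext)
    # Anyone without the generator's state only gets garbage.
    wrong_guess = keystream_xor(weak_key(seed + 1), ciphertext)
    return {
        "b_ok": recovered_by_b == plaintext,
        "c_ok": recovered_by_c == plaintext,
        "wrong_guess_ok": wrong_guess == plaintext,
        "strong_keys_differ": strong_key() != strong_key(),
    }
```

The ciphertext is valid and B never notices anything; the only defence is that key material comes from a generator whose state no third party can know, which is why auditing the RNG source matters more than auditing the cipher.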



