This is also why normal chats work in multi-device environments, but secret chats don't. Unlike iMessage (and I assume Signal - haven't looked at the actual protocol), they don't do anything fancy like making the sender encrypt messages with multiple public keys (one for each device the recipient owns).
To deliver a message, both need to be online at the same time. For group messages you need to be very clever to get it working when only some of the people are online. The key distribution is also extremely difficult.
So lots of problems for very little gain.
What would be smart is to have a federated architecture so people can host their own servers; that would solve PART of the same problems pure peer-to-peer would solve. Actor is developing in this direction, and they want to get it working with the Signal protocol. Signal itself would probably do it as well if they had the manpower.
Whatever the server, if the client encryption is reliable, data can't be read on the server side.
if the client encryption is reliable
And is there any property of MTProto that makes it infeasible to replace AES IGE in a later revision of the protocol?
Basically, crowdfunded audits of open source crypto tech have been done before; I'd be up for helping with this if it made sense, since currently my sec dev skills are not that useful:
Might be worth funding an exploitable bug bounty too.
That is a fairly ridiculous challenge. Your average crypto professional is not going to have access to the communications channels between the two phones. The NSA or CIA or other government group might, but not really anyone else. Putting this up as a challenge is just silly.
If they work together with the NSA then it's more likely that they deploy bad updates to individuals rather than deploying a backdoor to everybody. That is too easy to detect and it would be a marketing disaster.