> Wasn't WhatsApp all over the news for its "replace the encryption key transparently without notifying the user" feature? Also Facebook.

Which was a conscious design decision. Not doing that (even for people that had turned on "notify on key changes") would let WhatsApp know which users could be securely MITM'd. Neither is a very good choice, but an understandable trade-off when it comes to security vs. usability.