Last time I looked at it, WhatsApp backup key was simply stored server side. Also, backup encryption key never changes, basically. I tell you this because I needed to extract an old backup that I did on Android years ago to recover some messages: well it was as simple as extracting the key from another phone where I was signed into (need root privileges, but of course you can just access the account from an emulator, insert the SMS code, recover the key and sign in again on the main phone), then the backup is easily decrypted. And no passphrase needed (and even if it is, how it would be difficult to brute force? Considering that users use the same password everywhere...)
This for local backups, but I assume that the encryption schema is the same for a backup on Google Drive (just the file that would be stored locally is uploaded into Google Drive in a non user accessible location).
By the way I don't care that much of backup secrecy, in fact I use mainly Telegram even if everything is on the server clear text. WhatsApp tries to give users a false sense of security in my opinion.
I believe you are mistaken, and the NCC group analysis makes it quite clear that the locally-stored backup key is not the same as the "export key": the export key is the encrypted version of the local backup key. WhatsApp servers only have access to the export key, not the local backup key. The fact that you could extract the local backup key with physical access to your device and root privileges does not mean that the key is stored remotely in plaintext.
This for local backups, but I assume that the encryption schema is the same for a backup on Google Drive (just the file that would be stored locally is uploaded into Google Drive in a non user accessible location).
By the way I don't care that much of backup secrecy, in fact I use mainly Telegram even if everything is on the server clear text. WhatsApp tries to give users a false sense of security in my opinion.