You can literally encrypt the backup itself and use a pass phrase for unlocks. WhatsApp already does just that. Also WhatsApp uses Signals encryption and last time it was audited it passed with flying colours.
It’s possible they can push an update that would do client side scanning of messages while typed or that have been sent but this would be trivial to find out about and has never been reported on.
Who said the backup needs to be insecure?
You can literally encrypt the backup itself and use a pass phrase for unlocks. WhatsApp already does just that. Also WhatsApp uses Signals encryption and last time it was audited it passed with flying colours.
It’s possible they can push an update that would do client side scanning of messages while typed or that have been sent but this would be trivial to find out about and has never been reported on.
The issue isn’t the data directly, it’s the metadata.
Also, if a recipient decides to flag a message on Whatsapp, that message gets copied and sent to Facebook.