And anyone with sufficient access could push an update from the app store to a selected target that bypasses the normal security protocols of any given messaging app. Who checks their app store downloads against source code?
We're mostly talking about government agencies here that would force Facebook to act in that way. And even though they could force them to try to intercept messages of a user with an ESL, they can't force them to introduce a vulnerability for all users.
Especially as ESL are usually kept secret within the company, this would be too risky, developers would ultimately find such a backdoor (especially since it generates a lot of server traffic).
