Unfortunately, I don’t think end-to-end encryption guarantees much when it comes to legal intercept in proprietary messaging apps. The intercept functionality could be done in the client and capture data, not just metadata.

Why hasn't any evidence of such client-side interception ever been surfaced? Reversing apps and software has been done since forever, and has been used to discover things the app-makers don't want made public - such as unannounced new products, but this happens perennialy with Apple & OS updates, and upcoming features in apps that are behind flags.

> Why hasn't any evidence of such client-side interception ever been surfaced?

In such scenario only the target of the wiretap would receive the modified client application. Both google and apple allow pushing updates to small subset of users. It's not unthinkable that they also have the (internal) ability to push a specific update to a specific user.

But I guess now you'll move the goalpost to ask "Why hasn't any Googler come forward and admitted it's happening?" That is a fair question, but I think most people would see this legal spying as no big deal and perhaps even a good thing.

> It's not unthinkable that they also have the (internal) ability to push a specific update to a specific user.

So the lack of evidence is itself evidence of another layer of nefarious activity? Are Apple in on it too (since they approve updates control the app store roll-outs)? I have no stomach for debates over unfalsifiable scenarios - your position is clearly set in stone.