I could have sworn WA isn't true e2e. As in it's encrypted over the wire, but the Meta servers decrypt the data during relay.

No, WhatsApp is truly e2e encrypted and uses the same Ratchet algorithm in Signal, IIRC. That's why tptacek and moxie were generally positive about it.

I think there's something about key rotation and a default setting where it doesn't notify you if the keys change, or something like that, at one point.

It's most likely e2e up until the moment LEO requests information on a particular user and then Meta updates your app to a trojaned version, that just APPEARS E2E.

It also heavily encourages you to “back up” your messages to them in an unencrypted manner. It will bug you literally every time you enter the app if you opt out of this “feature”.

Can’t confirm, it’s disabled for me, and it has never again asked me to. It also offers the option of encrypting my backups.