
> They can push a software update to undo that encryption any time they want to

Of course this is true, but it's such a reductive view of the broader security picture.

If messages are plaintext, they can be leaked by a hacker, accessed by an insider, not wiped from some drives they throw out for recycling... None of these attack vectors require the provider being evil, so removing them already reduces your exposure by a lot.

Secondly, if you're being targeted by hackers that have already gotten into the messaging provider, looking at some rows in a database is waaay easier and safer than somehow sneaking exfiltration code into the next release build of the app.

Finally, if your main adversaries are government agents with a warrant, there is a huge legal difference between forcing the company to ship malicious code (possibly to all users) and simply printing out a few rows in a database. IIRC Apple has already won at least once in US court on this exact point.


