But if they were to do so, it could be done so that there likely wouldn't be anything in the visible application or its behaviour to highlight the change to a regular user. Unless you somehow see that the key ratcheting is in use and can confirm the two-sided key state out of band with your peer, you can't tell without disassembling the client.

However, this feels like derailing quite far from the original topic. The contract and assumption of E2E protection unavoidably relies on trusting the client(s) and the devices they run on.