Re: "Ship! Come back!"
WhatsApp is a closed source app that implements an open source protocol (signal).
If they add the capability to generate a new group key-pair whenever requested by the server without authorisation within the app, then a systemic weakness had just been included that anyone who manages to pwn WhatsApp servers can now exploit.
You might as well just let the server manage the session keys.
And if you have ever run a Java decompiler (I have but for the record, not on WhatsApp or any other application for which I did not have permission to do so), you would struggle to hide "if (request.Guid==magicGuid) return true;" inside the method responsible for collecting user's consent. The bad guys would have that line NO-OPd within minutes of it being discovered, or they will just move onto whatever other app that implements the signal protocol but is based in whoknowswhere.