It would take a very concerted effort. There are multiple levels of encryption and the best practice is that only verified builds can run in production and only non-humans are ACLd to access security keys. Any attempt to do so would be limited to a very small group of people, trivially logged, caught by AI for inappropriate behavior, and cause a firing.

Right but Google owns the encryption, which means I have to assume they are reading the messages. They changed their policy once, they can change it again.