Metadata in End-to-End Encryption: Achilles’ Heel or Shield?

**TL;DR:** A zero-click WhatsApp PDF parsing vulnerability was used by Paragon to deploy Graphite spyware; WhatsApp mitigated the 0-click exploit server-side by blocking automatic PDF previews (using exposed request metadata such as mode and mms-type), reducing infection stealth at the cost of blurry previews and revealing how E2EE metadata can enable defensive actions.