It actually doesn’t need to be so elaborate. Even a video camera with the lens cap on generates more than enough entropy. Your phone can mix together predictable but unique variations - time of day, free memory, CPU serial number, battery level - with less predictable physical sensory - light level, gyroscope, barometer, last touch points, nearby MAC addresses - to create far more on-board randomness than anyone realistically needs.

That said, the whole Cloudflare lava lamp thing is very cool and also gets people talking.

Creating the secure key pairs used for true E2EE requires a mathematical foundation of true randomness, which can only be achieved on a device by working with the OS, through an API call, to get a random seed that includes pseudorandom numbers from the device’s sensors. There was a post a while back where a dev used ADB to read the API calls used during WhatsApp account setup that showed that no such calls were made, meaning the keys were either totally predictable, or were actually generated by Meta themselves.