Sounds like a compromised phone in the sense that it doesn’t protect (and instead transmit) the private key.
But the key exchange is not the issue then.
Access to private keys is.
If the host system, on which the key exchange runs, is compromised, you’re toast.
They can log anything they want and have nothing useful, if the encryption protocol is sound.
Have a look at how TLS is designed, if you want to know more.
And here I thought the E2EE of Whatsapp was based on the one developed by Signal or at least so they say.
But I guess it’s hard to inspect anything, if it’s no open source software.
I’m so glad there’s SIgnal and a lot of my contacts use it.
Back when it was called Textsecure it was a different story.
How is a phone not compromised if it hosts apps that play into the hands of evil actors?