They may also have been hoarding exploits to circumvent encryption, using "side channel" attacks.

You don't need to brute force an encrypted message if you can install an exploit on the user's phone that makes a copy of the message after the user has voluntarily decrypted the message to view it.

Such attacks may also be able to extract the encryption key from the phone (or pc), which may allow them to monitor the messages to and from that particular user while they are in transit.