Well… I assume that might be illegal. Or maybe these rules would only apply to public software? For sure it wouldn’t be enforceable, and it would still allow criminals to use it to communicate privately between each other, but it would make it harder to exploit mainstream public apps (e.g.: WhatsApp) to scam or exploit weaker individuals.

mainstream

is the keyword here. Mainstream is really big.

They come for the lions share first. You do nothing because you think you’re unaffected. Then later they will come for you. And nobody will do anything for you either.

Of course, professional criminals like yourself (sarcasm) will find a way to escape the law. But I doubt it’s nice to live on the edge of society like that anyway, being unable to interact with most services.

For the moment, that would not be enforceable in respect to people with technical knowledge. Enforcing it would require authoritarian control and even China’s Great Firewall has way to circumvent it.

On the other hand, this is already far more difficult than you might think. You could not install such an app from a server authenticated with TLS because the TLS keys might be subverted - the certification chain has national institutions as the top certificate authorities. You would also not be able to install such an app on an Android phone because Google has decided it needs developer attestation to install apps in a way accesible to end users. You can run Linux now but if all that is taken seriously, your options to run Linux might become limited. E.g. you already can’t run many banking apps on phones with user-controlled OS software. In future, you might not even be able to use a municipial library’s or bookstore’s website this way.