
Sigh. You can't 'leak' a symmetric key. If the messages are encrypted on your phone then you already have the key. If they're not then it doesn't matter.



That it uses the 'same' symmetric key for all users is what has everyone concerned. Coupled with the fact that WhatsApp stores your chats on external SD cards [1] without access controls, any APP you have installed can access and decrypt your WhatsApp chat history using this key.

[1] http://bas.bosschert.nl/steal-whatsapp-database/

This was on Hacker News a few days ago: https://news.ycombinator.com/item?id=7380136


The security flaw here is that there aren't any access controls, not that they use the same symmetric key everywhere for local storage. Even if they store the logs in plaintext, other apps should not be able to read those logs.


"true", but maybe the key was obfuscated... Anyways, it seems that WhatsApp didn't encrypt messages until 2012, then they started using symmetric crypto: http://pastebin.com/g9UPuviz



