A flaw, or a backdoor?
The more I hear about these events, the more I suspect that these flaws are deliberate in order to allow intelligence agencies to access communications when they want, but in a way that is not obvious to the layman.
Having the flaw in the protocol is a lot easier than having to twist every company's arm to implement a backdoor in their hardware/OS/Software, with all the variations. This way, any piece of equipment that follows the standard (and is certified as such) is automatically backdoored. Far more elegant.
I know "security is hard", but we are talking about very large, very rich companies, who develop these standards over many years, with much ratification and consultation, and could easily afford the crypto and security specialists needed to do it properly.
A lot of the telecom industry traces its lineage back to the old telegraph and telephone systems, and interception by spies has been a long-standing thing they facilitated, and at this point I would expect such agreements are grandfathered in.
We have already had western governments request/demand tech companies cripple their security implementations to allow backdoor access, with push back from said companies (at least publicly). You notice they never request or demand the same from Telecoms. I suspect because an arrangement is already in place, and has been for a very, very long time.
The problem with the concept is that when security researchers eventually discover the backdoor and publish it, every single implementation is vulnerable, with no way to patch it (because it is protocol level), until a new revision of the protocol is published, hardware certified, etc., and people actually buy the new hardware (without any backwards compatibility with the flawed system). Hence why every phone still supports 2G, with whatever flaws exist since then, we will have security holes for decades.