That's a very charitable interpretation, and I like your optimism!

Having worked on similar software in the past, I wouldn't be surprised if this is the actual reason. Especially since the microphone indicator is a relatively new addition to the system, they might just have never realized that they're not closing the device properly and now that it becomes obvious, it might not be so trivial to fix the code.

A tickbox in settings, "don't keep mic enabled"?

I can't see how it can be that hard to just close the mic device when you go off a call.

That's easy to say when you don't know what other things may be bound to that code. As said, I have worked on similar stuff before, and was in a very similar situation where an audio device was kept open for longer than necessary, but "simply closing the device" would have broken many other things that depended on the audio device. Fixing it involved logic changes and refactoring. Sure it wasn't impossible, but it was not exactly as trivial as adding a new checkbox either.

This is also my take on this issue. The company just wants to monetize on remote meeting and has no malicious intention on user privacy, but they just mess up the security from time to time. It is not sound that selling user data can make them better off.

Another infamous example is proctoru. Literally a spyware, but delivering a spyware requires much less effort (both intellectually and financially) compared to designing a product that makes security-savy customers happy.

It definitely seems way more innocuous than the conclusions being jumped to in this thread. A simple packet sniff would be an easy test in this situation, and since nobody is even claiming that data is being transmitted, it's quite a leap to assume that they're listening to everyone with nefarious intent.