Comment by Aulig

The apps work similar to a browser, so we don't need access to the website's source code. And yes, for Android you get the aab file you can upload to Google Play. For iOS, we upload the app to your developer account for you, since that's the easiest way there.

We obviously don't inject malicious stuff since that'd ruin our reputation immediately (& open us up to lawsuits). I could see that happening with free app builders, but we make our money from subscription fees, so we have no need to turn to such illegal stuff to monetize the apps.

Even going open source wouldn't solve the issue, since most customers wouldn't be able (due to lack of technical knowledge) to compile the app themselves.