Comment by nicce
2 years ago
For Signal, open source since 2016
https://signal.org/blog/reproducible-android/
Unless you espcially meant by ”App Store”, by Apples App store, it is Apple to blame in that case because it is not possible due to the encryption of app binaries.
I wasn't speaking specifically about Signal nor about a particular storefront. I'm glad Signal has at least a reproducible build on one platform. That doesn't change my main point: "it's open source" is NOT a guarantor of this AT ALL without usable build verification.
That is very true; many incorrectly think that open-source alone brings some privacy guarantees, while it might bring some security ones.