Comment by kasey_junk

Reproducible builds are not required to evaluate the encryption algorithm used in Telegram.

Software auditors use deployed binaries as a matter of course.

They’d do so even if reproducible builds are on offer because the code and the binary aren’t promised to be the same even with reproducible builds and validating that they are can be more problematic than the normal case of auditing binaries.