Comment by yamrzou

Because a malicious SimpleX server could run a modified version of the code that allows them to collect metadata, even if they can't see message contents. So, indeed, it assumes trust in the server[1]:

  Our open-source code that we are legally bound to use doesn't provide any metadata that could be used to learn who connects to whom. But the privacy of users' connections still depends on us honouring our promises and privacy policy.

But they offer a way out using Flux, as they explain it here[1].

[1] https://simplex.chat/blog/20241125-servers-operated-by-flux-...