Let’s use Signal as an example. How confident can I really be that the app I’m getting from the App Store was built using the code that I see in GitHub?
It would be fantastic if Apple & Google gave developers the option of having their source code securely hosted and linked to from an app’s product page. Or at least some kind of cryptographic signature (a simple hash digest?) that could be used to foster more confidence.
I’m not an app developer, and my simple Google searching hasn’t come up with a satisfying answer.
The Google search term you want is "reproducible builds", which will give you some idea of the technical approaches to that sort of thing.