Maybe the open source apps could be lying about their source code? For example, put up a version without trackers while the one they use has trackers?
https://en.wikipedia.org/wiki/Reproducible_builds
e.g. https://f-droid.org/docs/Reproducible_Builds/ for F-Droid's efforts on it. Debian, Arch Linux, and other popular Linux distros also have their own efforts ongoing.
You could always examine the code and compile from source as seen.
You could also use a hash to verify the content of the code does not differ from the source.
When using precompiled binaries you should be able to use a hash to verify them as well.
You can also run a scan on the app/code.
It's good to take the principle of "question everything" seriously and to have the tools to do it right.
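The two checks mentioned above (verifying a file against a published hash, and confirming that building the same source twice gives byte-identical output) can be shown in a few lines of POSIX shell. This is an added illustration, not code from the thread, F-Droid or any distribution: the "build" steps are stand-ins for a real compiler, the source file and expected hash are constructed for the demo, and the `build-dir:` line imitates the classic mistake of baking the absolute build path into an artifact, which is exactly what makes two independent builders disagree.

```shell
#!/bin/sh
# Added example (not from the thread): hash verification plus a reproducibility
# check. Every file here is constructed inline; nothing is downloaded.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed value for the demo: a fixed timestamp that reproducible builds
# use instead of the wall clock (the convention many projects follow).
export SOURCE_DATE_EPOCH=1700000000

# SHA-256 of a file; works with GNU sha256sum or BSD/macOS shasum.
digest() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Succeeds only if the file's digest equals the expected hex value
# (what you would do with a published checksum before installing a binary).
verify_hash() {
  [ "$(digest "$1")" = "$2" ]
}

# Stand-in for a build that leaks its absolute build directory into the
# output: two builders working in different directories get different bytes.
build_nondeterministic() {   # $1 = source file, $2 = output file
  { cat "$1"; echo "build-dir: $(pwd)"; } > "$2"
}

# Stand-in for a reproducible build: no build path, and the date comes from
# SOURCE_DATE_EPOCH rather than the clock, so any builder gets identical bytes.
build_reproducible() {       # $1 = source file, $2 = output file
  { cat "$1"; echo "build-date: ${SOURCE_DATE_EPOCH:-0}"; } > "$2"
}

# Build the same source in two separate directories with the given build
# function and report "reproducible" or "differs" by comparing digests.
compare_builds() {           # $1 = build function name, $2 = source file
  d1="$WORK/builder-a"; d2="$WORK/builder-b"
  mkdir -p "$d1" "$d2"
  ( cd "$d1" && "$1" "$2" out.bin )
  ( cd "$d2" && "$1" "$2" out.bin )
  if [ "$(digest "$d1/out.bin")" = "$(digest "$d2/out.bin")" ]; then
    echo reproducible
  else
    echo differs
  fi
}

# Constructed "source" and a known-good checksum for it.
SRC="$WORK/hello.txt"
printf 'hello\n' > "$SRC"
EXPECTED=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03

if verify_hash "$SRC" "$EXPECTED"; then echo "hash ok"; else echo "hash MISMATCH"; fi
echo "path-leaking build:   $(compare_builds build_nondeterministic "$SRC")"
echo "reproducible build:   $(compare_builds build_reproducible "$SRC")"
```

The point of the second check is the one the thread is making: a hash only tells you a file is the file someone published, while a reproducible build lets anyone rebuild from the published source and confirm the published binary is the one that source actually produces.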
Yes, they could. That's what reproducible builds are for, and Linux distribution maintainers. You'd better install software from places like the Debian package repository (or your distribution's repo) or from F-Droid (if you're using Android).
“the one they use” Who is they? What is the one they use? Most Linux distributions and F-Droid build every package from the source code and make available the source code that was built.
“They” as in the developers and the app itself.