HACKER Q&A
📣 musfk

Crucial question about trust in open source apps


how can users verify that the app they're downloading from app stores is built from the exact open source code they can see in github?


  👤 dlcarrier Accepted Answer ✓
I just download it from the repository. That's not an option on iOS, which is one of many anti-features.

👤 JohnFen
They can't. The only way to be certain is to take that code and build the app yourself. If you're downloading a prebuilt binary, you have to trust that the author is correctly representing what it was built from.

This is even more true with SaaS, because the binaries used there can and do change without warning.
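
The "build it yourself and compare" approach from the answer above, as an added example that is not from any poster here. It assumes the app is an Android APK: the store copy carries the developer's release signature, so a raw hash comparison always fails, and the check instead compares every zip entry except the signature files. The APK bytes are constructed in memory; the file names are placeholders.

```python
"""Compare a locally built APK against the store-downloaded one, ignoring
the signature entries the developer's release signing adds (added example)."""
import hashlib
import io
import zipfile

# v1 (JAR) signature entries: legitimately present only in the signed store
# copy. The v2/v3 APK signing block sits outside the zip entries, so
# comparing entry contents skips it automatically.
SIGNATURE_ENTRIES = {"META-INF/MANIFEST.MF"}
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF")


def is_signature_entry(name: str) -> bool:
    return name in SIGNATURE_ENTRIES or (
        name.startswith("META-INF/") and name.upper().endswith(SIGNATURE_SUFFIXES)
    )


def entry_digests(apk_bytes: bytes) -> dict[str, str]:
    """Map each non-signature entry name to the SHA-256 of its contents."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if is_signature_entry(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def compare_apks(local_build: bytes, store_download: bytes) -> list[str]:
    """Return names of entries that differ or exist on only one side.
    An empty list means the store APK matches the local build apart from
    the signature, i.e. the build reproduced; anything else needs a look."""
    local, store = entry_digests(local_build), entry_digests(store_download)
    return sorted(
        name for name in set(local) | set(store)
        if local.get(name) != store.get(name)
    )


def make_apk(entries: dict[str, bytes]) -> bytes:
    """Build a minimal in-memory zip standing in for an APK (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

A build that is not reproducible (embedded timestamps, non-deterministic resource ordering) shows up here as differing entries even when nothing malicious happened, so a mismatch is a prompt to diff the named entries, not a verdict on its own.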


👤 feznyng
You might be interested in sigstore[1], although I'm not sure if/how it can be used in an iOS app.

[1] https://www.sigstore.dev/