(no title)

Unless the open source app is transparently built and app store deployed from a public build server, it's very easy for the owner to inject a back-door into it.

There's no mechanism built into the app stores to validate an app against its source code.

So the owner could checkout master, add a back-door, build and publish to the app stores, and you'd update, never knowing you're exposed.

Nothing is 100% safe. It's just dependent on how much trust you assign.