If your HW/OS doesn't allow verification of binaries, but your threat model requires doing that, then you need to use proper HW/OS that allows the verification. Also, iOS is proprietary so who knows what the OS is doing anyway. Also, this https://thehackernews.com/2014/01/DROPOUTJEEP-NSA-Apple-iPho...
If you are in the EU you can build the app from source and sideload it on your phone. Everyone else is out of luck. So yeah, either Signal or Apple can insert a backdoor into the app.
maqp|9 months ago
paxys|9 months ago