Unless you build it yourself, you do trust the devs. You aren't running public code on your phone; you're running compiled binaries. Compiled by who? How securely? Who has keys?
It's also a leap of faith to assume that public code is any safer.
You're not wrong that one needs to have some trust in the devs of open source code, but if you are this level of paranoid, then having the code available is essential to your threat model because it allows you to build it yourself so you know what you're running. Nobody can audit everything, but if enough people are involved in the development, they would all have to collude (or the malicious one has to hope they get lucky), since each one of them has a chance to spot when one of the developers is being malicious.
2OEH8eoCRo0|7 months ago
Aachen|7 months ago
kytazo|7 months ago
Public code is definitely safer than binary blobs.