Hacker News
by LinuxFreedom 3446 days ago
We can learn one important thing here - it is not possible to trust closed source software. Enough said, next issue please.
3 comments

It isn't possible, in most cases, to trust open source software either. Have you verified that the binaries on your phone were indeed built from the source you can read on GitHub or wherever?
Which fully open-source phone platform do you have in mind? I'm not aware of any.

On desktop and servers, however, it certainly is possible (and not-too-impractical) to verify binary blobs against known PGP signatures. See Debian's reproducible builds, for instance.

The problem is that we can't trust open source software either.

Software being closed source doesn't make it impervious to analysis. Software being open source does not mean it has been analyzed.

No, but you can do it any time you want.

I don't ever want to change the tires on my car, but I think it's essential that I have the ability to change the tires on my car.

If your goal is to get the greatest number of people onto the greatest and most secure, private, free software, then pure ideology won't help.

What do you think Iran/the NSA/any TLA is more upset about, WhatsApp using the Signal protocol, or Matrix and Riot?