Right, this may or may not be relevant to your threat model, but isn't really helpful information for someone looking to build the software reproducibly. Would you mind sharing sharing how you did it?
Oh, building it reproducibly? That's the default. You just run a new-enough version of gradle; build.gradle is set up already. There's a tool called apkdiff to compare everything except the signatures.
https://github.com/signalapp/Signal-Android/wiki/Reproducibl... is a thorough recipe, but I didn't actually do all of that. I had the right build environment anyway.