by shabda 1985 days ago
Signal has reproducible builds for Android. https://signal.org/blog/reproducible-android/

Does that help in any way to verify that they do not store data on their servers?

2 comments

My understanding: If you verify the safety numbers in person, then I believe you can be confident that it's E2E encrypted for that conversation. If the safety numbers are different, then there could be a nefarious actor listening in.

Someone please correct me if I'm wrong.

Edit: That being said, I believe they could still record IPs, as well as the destination and timestamps of each message.

If they were storing that, it would have been produced when they were forced to produce all data relevant to the case.

Agreed. Just pointing out what information they have access to if they wanted to start logging as much as they could.

Sadly I don't see any way to prove that over time except through periodic court orders :)

It only helps verify what data the client sends to their servers, not what fraction of that data is stored on their servers. They could be (but probably aren't; see other comments) storing e.g. information about how often you connect and the volume of data that passes through their servers.