by 100001_100011 1336 days ago
Reproducible builds are for developers. As a user I didn't build the app on my phone.

I have a phone with Signal on it. Tell me what I should do to verify it's running the open source Signal code.

5 comments

You should check out Session. Their CTO apparently uses his PGP key to sign every release https://twitter.com/session_app/status/1514108746854985730
If you, as a user, are concerned about reproducibility, you are no longer an average user. Thus, if you want this extra security, you can be expected to check the APK on your phone.
Not perfect chain of custody but could report to virustotal (virustotal.com) and compare in a sandbox:

https://play.google.com/store/apps/details?id=com.funnycat.v...

Maybe you could figure this out yourself, and share your findings, rather than demanding answers from others?
Reproducible builds benefit the user by allowing independent checks of the software.