At the end what matters the most is who is operating the project and which laws they have to follow.
One point to keep in mind is that almost all open-source projects don't really have transparent builds, and the transparent builds are rarely built really transparent (using public compilers, etc), but more behind the curtains.
Plus, even an open-source app that would have perfectly transparent builds (which is not the case from what I've seen), the app publisher can find way to push targeted updates (via app stores), feature flags, betas or settings to very specific users, etc if compelled to do so.
And there is always a potential excuse that store builds don't match open-source code, because the stores are re-signing the apps (and changing the checksums).
So it's more about who you decide to trust, unless you build the client yourself, which is an extreme outlier.
Most Signal users I know (even very sensitive users), they have iOS, they don't build the code themselves, they don't review the code, etc.
They just press Install (and I understand them, I would do the same).
The choice matters. That's what open source is all about, a choice and giving the users some power.
I still can't believe people feel the need to justify Facebook's actions, even after their horrible track record and continuous violations of the user privacy and trust.
Privacy is about granular controls provided to the user. Closed source doesn't even offer you an option. It's either "Use it how we like" or "Get out".
If open source clients aren't that of a big deal or big privacy win as you've explained, then maybe there shouldn't be a need to justify the decisions of a company like Facebook either.
One point to keep in mind is that almost all open-source projects don't really have transparent builds, and the transparent builds are rarely built really transparent (using public compilers, etc), but more behind the curtains.
Plus, even an open-source app that would have perfectly transparent builds (which is not the case from what I've seen), the app publisher can find way to push targeted updates (via app stores), feature flags, betas or settings to very specific users, etc if compelled to do so.
And there is always a potential excuse that store builds don't match open-source code, because the stores are re-signing the apps (and changing the checksums).
So it's more about who you decide to trust, unless you build the client yourself, which is an extreme outlier.
Most Signal users I know (even very sensitive users), they have iOS, they don't build the code themselves, they don't review the code, etc.
They just press Install (and I understand them, I would do the same).