Archive formats are hard to make reproducible because there are lots of ways of making different yet equivalent archives.
So it’s not surprising to me that someone would fail at this hurdle and find it frustrating to resolve.
Nix defined their own format for this to avoid this exact problem.
It seems there are multiple reasons. For one, the apk files include a digital signature and you won't have Signal's and Google's private keys available to recreate their signatures.
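To make the signature point concrete, here is an added example (not code from the thread or from Signal) of how a reproducible-build check compares two APKs: it hashes each zip entry's uncompressed contents, skipping the v1 (JAR) signature files under META-INF, instead of hashing the file as a whole. The APKs below are constructed stand-ins built in memory with a fake signer blob and different timestamps; the entry names and the `build_apk` helper are assumptions for illustration.

```python
"""Compare two APKs entry by entry, ignoring the signature files.

A whole-file sha256 of a signed APK also covers the signer's certificate,
signature bytes and zip timestamps, so two builds of identical code signed
with different keys never hash the same.  Comparing the payload entries
(classes.dex, resources, manifest, ...) is what actually tells you whether
the code matches.
"""
import hashlib
import io
import zipfile
from typing import Dict, List, Tuple

# Entries that a v1 (JAR) signature adds.  A v2/v3 APK Signing Block is
# stored between the zip entries and the central directory, not as an
# entry, so an entry-level comparison never sees it either.
SIGNATURE_ENTRY_PREFIX = "META-INF/"
SIGNATURE_SUFFIXES = (".RSA", ".DSA", ".EC", ".SF", "MANIFEST.MF")


def is_signature_entry(name: str) -> bool:
    """True for META-INF/MANIFEST.MF, META-INF/*.SF and META-INF/*.{RSA,DSA,EC}."""
    return name.startswith(SIGNATURE_ENTRY_PREFIX) and name.upper().endswith(SIGNATURE_SUFFIXES)


def whole_file_sha256(data: bytes) -> str:
    """What `sha256sum file.apk` would print."""
    return hashlib.sha256(data).hexdigest()


def content_digests(data: bytes) -> Dict[str, str]:
    """Map each non-signature entry name to the sha256 of its uncompressed bytes."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or is_signature_entry(info.filename):
                continue
            digests[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return digests


def apk_diff(a: bytes, b: bytes) -> List[str]:
    """Human-readable differences in payload entries; empty when the builds match."""
    da, db = content_digests(a), content_digests(b)
    diffs = []
    for name in sorted(set(da) | set(db)):
        if name not in da:
            diffs.append(f"only in second: {name}")
        elif name not in db:
            diffs.append(f"only in first: {name}")
        elif da[name] != db[name]:
            diffs.append(f"content differs: {name}")
    return diffs


def build_apk(payload: Dict[str, bytes], signer_blob: bytes, stamp: Tuple[int, ...]) -> bytes:
    """Constructed stand-in for an APK (assumption): payload entries plus fake v1 signature files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in payload.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=stamp), content,
                        compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr(zipfile.ZipInfo("META-INF/MANIFEST.MF", date_time=stamp), b"Manifest-Version: 1.0\n")
        zf.writestr(zipfile.ZipInfo("META-INF/CERT.SF", date_time=stamp), b"Signature-Version: 1.0\n")
        zf.writestr(zipfile.ZipInfo("META-INF/CERT.RSA", date_time=stamp), signer_blob)
    return buf.getvalue()


# Constructed sample data: the same payload signed by two different "keys"
# at different times, plus a build whose bytecode was changed.
PAYLOAD = {
    "AndroidManifest.xml": b"<constructed manifest>",
    "classes.dex": b"dex\n035\x00constructed bytecode",
    "resources.arsc": b"constructed resources",
}
UPSTREAM = build_apk(PAYLOAD, b"constructed signature by upstream key", (2024, 1, 1, 0, 0, 0))
LOCAL = build_apk(PAYLOAD, b"constructed signature by local key", (2024, 6, 15, 12, 30, 0))
TAMPERED = build_apk({**PAYLOAD, "classes.dex": b"different bytecode"},
                     b"constructed signature by upstream key", (2024, 1, 1, 0, 0, 0))

if __name__ == "__main__":
    print("whole-file hashes equal:", whole_file_sha256(UPSTREAM) == whole_file_sha256(LOCAL))  # False
    print("payload differences, upstream vs local:", apk_diff(UPSTREAM, LOCAL))  # []
    print("payload differences, upstream vs tampered:", apk_diff(UPSTREAM, TAMPERED))  # ['content differs: classes.dex']
```

Running it shows the three cases side by side: the whole-file hashes of the two honestly built APKs differ, the entry-level comparison reports no differences for them, and it pinpoints `classes.dex` when the bytecode actually changed. Note that the check deliberately ignores only the signature entries; anything else under META-INF (service descriptors, version files) is still compared, because a difference there is a real build difference.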
Thank you for this nice response. Did you already know or did you look it up? Please don't tell me you just copied and pasted my question into an input form somewhere and it gave a bunch of reasons...
Ah nice; they got rid of that explicit warning - instead though we have the entire section about "bundlePlayProdRelease" including an externally sourced binary blob.
I don't understand how the details of the build process matter if the resulting files can be checked to be bit-by-bit identical? I can only think of something like Signal and Google conspiring to backdoor the binaries during the build process via this external binary blob. But if Google is part of this, they could also do it within Android, which is not fully open source.
If you don't like this, you use the non-Play Store build instead (which supposedly doesn't include any binary blobs, but I haven't checked).
Why can't I sha256sum the two APKs?