I don't think it's controversial that trust in Apple's extremely locked-down ecosystem basically comes down to "we promise". If it's closed source you can't verify. Even if it's open, if it's not a reproducible build (or your own build) that you install yourself then who knows what's on there and what it does?