I don't understand why Signal is not pursuing the reproducible builds. It looks suspicious. Verification of a binary takes a huge effort and can only be done by knowledgeable people. Case in point: nobody noticed or cared about the lack of undisclosed binary updates of Signal without released sources.