How do you know the source code you’re looking at is for the same program you downloaded from the App Store? Does apple publish a checksum of software you’re installing?
This is a failure of Apple and their walled garden, not of Signal. If this is a concern to you, you either need to jailbreak or switch to a more free as in freedom platform.
Honestly, if it really mattered a lot to me (i.e. to my own security), I would compile Signal from source and install it on my device. Which I could not do with WhatsApp.
