Right. And while I generally dismiss conspiracy theories about the protocol itself (and have great respect for moxie), the one thing I find very curious is their staunch refusal to implement anything other than phone numbers as account identifiers.

There's absolutely no reason not to, and yet they refuse to do it.

Of course, you could always use a trustworthy service that downloads and builds the source directly from Github and signs it with its own key - like F-Droid...

...if Moxie allowed it. Instead you're just supposed to trust him.

I much prefer SilenceIM anyway, which uses the same encryption but tunnels it over SMS. Like Signal used to, before that feature was inexplicably dropped in favor of becoming another internet instant-messenger. Which requires giving root on your phone (!) to the largest ad company in the world (!) to use properly.

It's end-to-end encryption, so the server code doesn't matter. You can compile it yourself if you like. Are you arguing that's no better than how Telegram is distributed?

Maybe not but in the desktop app world there is. It's called deterministic builds, where multiple people can build the same code and come up with the same exact binary. Gitian[1] is a popular one used by cryptocurrencies.

Basically multiple people independently sign the build so even if one is corrupted it would be difficult to corrupt them all (especially since an independent third party can replicate the results).

If there were an easy way to verify the hash of a binary on a mobile device, this could be an option.

[1] https://gitian.org/