I think I have now found the messaging app I am going to use for my communications, to keep them private.
I am wondering: Signal, for example, is open source, so developers with the knowledge can read the code to be sure there is no backdoor (for the government, for example). But how can I be sure that the app I am downloading from the store on my phone, or from the website for my laptop, matches the exact source code of the app?
For example, if the Signal app were developed by a government, I think they would have enough money to pay developers who develop the source code we can see on GitHub, while before each release another group of developers adds a backdoor before compiling and sending the app to the store?
How could we be sure that our app is not compromised? Can we only trust them with our eyes closed?
The same goes for websites that have a fingerprint or a hash just under the download button (to check that the downloaded app has not been compromised): if a hacker has access to the source code of the website and can change the file behind the download button, he could easily change the fingerprint (or hash …) to match the compromised app he made us download, no?
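The concern in the last paragraph, as an added example that is not part of the original post: a digest shown on the same page as the download cannot expose a swapped file, while a reference digest obtained through a separate channel can. The channel names, the sample bytes and the premise that a local build from source is byte-for-byte reproducible are assumptions made for illustration.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_download(artifact: bytes, references: dict) -> dict:
    """Compare the artifact's SHA-256 with reference digests from several channels.

    `references` maps a channel name to the hex digest obtained through it.
    The artifact is trusted only if at least one reference exists and all agree.
    """
    actual = sha256_hex(artifact)
    matches = {
        channel: hmac.compare_digest(actual, digest.strip().lower())
        for channel, digest in references.items()
    }
    return {
        "sha256": actual,
        "matches": matches,
        "trusted": bool(matches) and all(matches.values()),
    }


# Constructed sample data: stand-ins for a genuine and a modified installer.
GENUINE = b"installer built from the published source"
TAMPERED = b"installer built from the published source + extra code"

# Scenario from the post: whoever controls the site replaces both the file
# and the digest shown under the download button.
page_digest = sha256_hex(TAMPERED)

# Check 1: the only reference is the digest from the download page itself.
same_origin_only = verify_download(TAMPERED, {"download_page": page_digest})

# Check 2: add a digest from a channel the site operator does not control,
# here a local build from source (hypothetical, assumes a reproducible build).
with_independent = verify_download(
    TAMPERED,
    {"download_page": page_digest, "local_build_from_source": sha256_hex(GENUINE)},
)

if __name__ == "__main__":
    print("same-origin digest only:", same_origin_only["trusted"])
    print("with independent digest:", with_independent["trusted"])
    print("per-channel result:", with_independent["matches"])
```

The first check accepts the modified file because both values come from the same place; the second rejects it because the independent channel disagrees.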