The source to Signal is open to analysis if you doubt its security. I suspect they C&D forks because they don't follow coding/security practices as upstream does, and it would be too hard to ensure they would if they just let anyone fork it.
> No guarantee the build on the app store is the same as on github.
I don't know why this comment always pops up on HN every time Signal is mentioned.
Signal builds on Android have been reproducible on Signal for nearly eight years - basically the entire time Signal has existed as an app under that name.
On iOS? No, because Apple doesn't allow reproducible builds on the App Store, period. But you can't blame Signal for that.
