While I agree reproducible builds are a huge part of the answer, if you get your builds from Google Play or the App Store you have no idea if anyone has reproduced the particular build that was served to your device.

A solution to this would be independent reproducible builds like F-Droid does, but Moxie rejected this citing it would cause them to lose control of the platform and install metrics Google and Apple provide. Always thought that was a weird position for a privacy tool.

So what? The centralized owner owns the code repo too, so such a restriction doesn't stop anything.

Even if Instagram was open source, Meta could remove the E2E chat feature.