I think the premise of that sort of thing is that in theory, you could build your own copy and install that, or at least check it against the pre-compiled version.
Perhaps its incorrect thinking, but I trust that Moxie and the gang aren't going to screw me over.
But, yeah, in theory, you can download it and compile it. The fact that you would have to also buy a certificate from Apple to do it is just a detail. You _can_ do it.
Open source is, indeed, a red herring when talking about iOS or Android. It's a buzzword more than anything. And if anyone thinks you're somehow safe because people can audit the open source version of a closed iOS app, they are delusional.
You also have the baseband CPU on many devices, which can read unencrypted memory anyway. So it is a hopeless case. Which is why this whole secure text craze HN is on is just insane. You'll never beat the momentum of iMessage or WhatsApp. But worse, there is not even any point! Trust begins and ends with a closed device.
Why is there always some comment that makes a point about the baseband, as if it's novel idea? This is letting great be the enemy of good.
Most of us are not going to be a target of state-level intelligence agencies, which are the only possible actors that have the sophistication to compromise the baseband processor. The idea is to prevent dragnet surveillance.
What good is open source, when the developer can still add a backdoor later and put the backdoored version on iOS store?
I still need to trust the developer.
(And Apple, too, but once I can't trust Apple I can no longer the OS itself and just throw the phone away)