Making the code base for the app closed doesn't create the security that I think you're suggesting. Of course, it should be well developed, but it could be well developed, and with an eye to what is being collected and used, but still be open-source code. The mechanics, the underlying code, the architectures, how it works, there's no problem with that being open and also with it serving the purpose that it served.
On November 28th, 2022. See this statement in context.