Who’s to say that the “live” version you are using is the same as the codebase you are looking at? 

Not all software is checksumed. And even if it were… how wd you verify App Store installs?

Web clients are easier to verify … but only by “naked eye” inspection of the ENTIRE codebase downloaded to your browser. 

And if the client has a back end API at all … any server (including any relay) can be set up with backdoors for access to database or raw traffic. No telling what’s running in a black box server. Ever.