Actually we can't really be sure that message contents are really encrypted since it's not possible to verify if the app people are installing is built from the same source code that is made public unless I'm missing something.
Discussion
that's not a problem unique to Signal
If we accept that the apps we are installing are really what they're supposed to be,
then signal provides good protections.
better than most
Not quite accurate. Signal for Android has reproducible build and there is also Molly, an alternative Signal client.
https://github.com/signalapp/Signal-Android/blob/main/reproducible-builds/README.md
Just wait until you discover that Signal's algorithm was written by experts at the NSA headquarters in Hawaii without irony.
They have a nice museum there that celebrates their own inventions and how many decades passed until others figured out the backdoors inside each of the items.
Are there reproducible builds for Signal? Can do for Threema, at least on Android: https://threema.ch/en/open-source/reproducible-builds
the major critique for signal is the "walled garden" experience, the encryption is safe