There is no such thing as a trustless executable. Best we can do is maximize our confidence in it.

Reproducible builds is the most powerful tool we have for that, in particular with multiple attestations from reputable third-parties.

It's (probably) impossible to verify code running on a server such as a relay or caching service, and the same goes for an iOS app downloaded from the Apple App Store