I’m note a programmer. I Don’t Understand Codes. How do I Know If An Open Source Application is not Stealing My Data Or Passwords? Google play store is scanning apps. It says it blocks spyware. Unfortunately, we know that it was not very successful. So, can we trust open source software? Can’t someone integrate their own virus just because the code is open?
Even cots/non-foss likely uses foss libraries somewhere. Also keep in mind that foss doesn’t mean the software can be changed at any time in the version that gets distributed. There’s usually checks and reviews when someone wants to contribute. A commercial software also isn’t immune to bad actors. I trust a reputable piece of foss far more than a sketchy company’s code