You are telling me this has been going on for almost a decade now, and no one ever noticed ?
So we trust open source apps under the premise that if malicious code gets added to the code, at least one person will notice ? Here it shows that years pass before anyone notices and millions of people's communications could have been compromised by the world's most trusted messaging app.
I don't know which app to trust after this, if any?
Why is this a shock? Someone would need to have already compromised your device. Even if it was encrypted with a password they still could install a key logger
Matrix. You can host any version you want, and when you have to update, just do a version diff between you current and latest versions and check yourself.