I am the original author of ChatSecure [1], the only free and open source OTR client for iOS devices. We also released an Objective-C wrapper around libotr called OTRKit [2] to help other developers integrate their apps with the OTR protocol. Gibberbot [3] is the equivalent program for Android devices, both of which are currently supported by The Guardian Project.
OTRv3 [1] has been designed to somewhat help the problem of differing instances and has been available since libotr 4.0.0, but in practice I haven't found a good way to solve the UI/UX problem in a user-friendly way. The latest beta builds of Gibberbot support the transfer of private keys from desktop to mobile, but I haven't tested it, or how well it works to transfer a conversation from one device to another.
mpOTR [2][3] is designed to solve a different problem, and I believe development has been stalled because the current design doesn't allow chatrooms to scale to large numbers of people.
You could theoretically clone the source, check out the release tag, compile it, and then compare the checksum of the binary of the .app file, but I'm not sure if that would even generate the same exact file or not. You might also need a jailbroken device to decrypt and extract the App Store binary.
If you really want super paranoid level security, communicating digitally is probably not your best bet anyway.
Here's the SHA1 checksum of the compiled binary from the latest release (2.0):
Considering the fact that Apple is in the NSA wiretapping program and involved in secret tracking [1], don't you think it's unfair to call someone who's asking for a way to verify if Apple isn't messing with the code "super paranoid"?
Though it's a lot easier to compel Apple to silently push a wiretap update to a handset than to have, several months/year ago, engineered a secret backdoor into a chipset...
You've gotta draw the line somewhere (unless you're rms). I would venture to say an open source OS and applications on worldwide-deployed hardware in the hundreds of millions count is probably safe enough for my purposes.
Why don't you charge for your iOS app? Is it because you expect that somebody would recompile the sources and charge less? You still have to worry about fraudsters.
ChatSecure will always remain free of charge to ensure that everyone in the world has unrestricted access to privacy technology. The project is mostly funded by very generous grants, so there is no need to "monetize" the project.
The amount of money we could make by selling the app directly to users wouldn't even begin to support the actual cost of producing and supporting the software.
I know it's not necessarily an accurate selling value of the application, but you could just charge $.99. That would probably head off a lot of the recompilers by making it not-so-worth-it. You never know, though. People will try anything.
Thank you for writing this. Do you have a bitcoin donation address with which we can compensate you for your time and service?
I still don't trust it, as the binaries come via the App Store (and without paying another $100 I can't build/install them myself), but it's good that someone's taken the first steps.
I don't want that kind of control, I just want to be able to install software of my choosing. All of the rest of "that kind of control" is time-wasting folly.
1. https://github.com/chrisballinger/Off-the-Record-iOS
2. https://github.com/ChatSecure/OTRKit
3. https://github.com/guardianproject/Gibberbot