Whether the protocol is federated or not (which is the topic of the article) doesn't say anything about the clients and how they're distributed. Even with respect to Signal, which is open-source, can be rebuilt from source and has several clients, including 3rd-party ones.

> It is far harder sneaking a backdoor into a F-droid app, with far bigger reputation risks, than doing it in Signal app

We'll have to agree to disagree.