You are not forced to trust them. You can if you want to do things conveniently.

If you truly want it use its value then you must do it the correct way it should be done. Ideally you must compile your apps if you don't want to trust the distributor. There is no other option.

Propriety apps don't have their source code public so they could be collecting God knows what data and sending to the servers back at the company.

It shows the flaw in Google Play Store way of distribution of apps rather than signals.

No need to trust signals words, the source code is open source. You can know how every bit of data is processed for the version you are using and in what format it leaves the device.

If you don't trust the Play Store app distribution (which ideally you should not trust), compile the app from source nd you have complete control of the app as if you yourself have made the app for yourself.

Even signal can't themselves do anything fishy. The can almost give government most basic information like which time my app connect to them nd my ip because I connected to their servers.

TLDR It's not based on propriety model where you need to trust the app for what it is doing.

With signal complete privacy is in users hands and the message are encrypted when leaving the app. It's not possible for signal servers to know message content by design.