Apple released a new platform security guide today.  According to that, there is a "fallback recovery OS" that can be accessed if you "[f]rom a shutdown state, double-press and hold the power button." I wonder if this one works if you zero the disk.
It also answers my question about the distinction between OS recovery and 1TR:
> Note: Apple uses the term One True recoveryOS (1TR) to indicate a boot into the primary recoveryOS which is achieved using a physical power button press. This is different from a normal recoveryOS boot, which can be achieved using NVRAM or which may happen when errors occur on startup. The physical button press increases trust that the boot environment isn’t reachable by a software-only attacker who has broken into macOS.
This is very true. Reproducible builds for mobile apps would be far superior. You can build Signal from source for Android if you wish, although obviously this is a massive pain to do for each update, there’s absolutely nothing stopping you from doing it.
On iOS it's a lot more difficult to get the required certificates from Apple but you can run your own build in Xcode and deploy it to your personal device if you are a registered Apple developer.
While reproducible builds are obviously the gold standard, for apps you install from the Play Store or the App Store, developers sign the apps that get distributed with their own private keys. As Google and Apple don’t have access to these it should be verifiable that the apps are not tampered with.
There is an exception here with the Play Store, where there is an opt-in option for Google to sign the app on your behalf , but I think we can safely assume Signal are manually signing with their own private keys.
In any case it's easy to just grab an APK from an Android device and check signatures for yourself.
For iOS though, no surprises here it’s locked down. Although from what I gather reading Apple’s security documentation, it confirms that apps must be signed by developers with their private keys.  But unlike Android there’s sadly no way I can tell for the user to independently verify this without jailbreaking.
But ultimately, short of building each version yourself, all this is moot if you distrust the developers.