I do think that reproducible builds would make a lot of sense for open-source browser extensions. Google could say "if you want your extension to get a Trusted Build tag, put the source code on GitHub, and we'll run the build script for you to ensure that the code submitted for store review is built from the code from a specific Git commit." And from a security perspective this would be better than what we have, which is zero guarantee that an "open source" extension even matches its stated repository. I'd trust the integrity of Google's automated build systems more than an independent developer with nothing to lose and everything to gain by sneaking in a third-party script.
Alas, the presence of this kind of reproducible build system would bring needed clarity to the chaotic ad blocker market, and the lack of that clarity works in Google's favor as an advertising company, so sadly I doubt they'd do such a thing.
Yes, that's what I mean: at the end of the day, you have to trust somebody / something.
Here you have to trust both the developer's code and Google's build system. Can you verify all of the developer's code? And can you verify how privacy-trustworthy Google's build system is? On the other side, you have to trust the developer's code and the developer's build.
I didn't mean which one you "should trust more" at all in my comment above. Please read again. What I mean is the first sentence here.