I'm not a programmer. I don't understand code. How do I know if an open source application is not stealing my data or passwords? The Google Play Store scans apps. It says it blocks spyware. Unfortunately, we know that it was not very successful. So, can we trust open source software? Can't someone integrate their own virus just because the code is open?
By default, FOSS is no more secure than proprietary software. However, it allows the community to peer review the code. So, a popular and active FOSS project can be trusted to be secure.
Check activity on their code repository: Stars, Followers and Forks say something about popularity; Issues and pull requests tell you about activity (check the comments, or check recently closed issues and pull requests), as do the code commits themselves.
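One way to turn the checklist in that answer into numbers, as an added example that is not part of the original thread: the script below takes repository metadata in the shape GitHub's REST API returns (`stargazers_count`, `forks_count`, `open_issues_count`, `pushed_at`, plus commit and issue timestamps), all constructed inline here rather than fetched, and computes activity signals such as commits and distinct authors in the last 90 days and the median time to close an issue. The thresholds in `flag_concerns` are illustrative assumptions, not figures from the thread.

```python
from datetime import datetime, timedelta, timezone
from statistics import median

# Constructed sample data shaped like GitHub's REST API fields for a repository,
# its recent commits and its recently closed issues. Every value is made up.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)

SAMPLE_REPO = {
    "stargazers_count": 1250,
    "forks_count": 310,
    "open_issues_count": 42,
    "pushed_at": "2024-05-28T14:02:00Z",
}

SAMPLE_COMMITS = [  # (author login, commit timestamp)
    ("alice", "2024-05-28T14:02:00Z"),
    ("bob", "2024-05-20T09:10:00Z"),
    ("alice", "2024-04-30T18:45:00Z"),
    ("carol", "2024-03-15T11:00:00Z"),
    ("alice", "2023-12-01T08:00:00Z"),  # outside the 90-day window
]

SAMPLE_CLOSED_ISSUES = [  # (created_at, closed_at)
    ("2024-05-01T10:00:00Z", "2024-05-03T12:00:00Z"),
    ("2024-04-10T10:00:00Z", "2024-04-25T12:00:00Z"),
    ("2024-02-01T10:00:00Z", "2024-05-20T12:00:00Z"),
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps the API uses into aware datetimes."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def activity_report(repo, commits, closed_issues, now=NOW, window_days=90):
    """Summarise popularity and maintenance signals for one repository."""
    window_start = now - timedelta(days=window_days)
    recent = [(author, parse_ts(ts)) for author, ts in commits
              if parse_ts(ts) >= window_start]
    close_times = [(parse_ts(closed) - parse_ts(opened)).days
                   for opened, closed in closed_issues]
    return {
        # Popularity signals: easy to read, but stars can be inflated, so they
        # say less about code quality than the maintenance signals below.
        "stars": repo["stargazers_count"],
        "forks": repo["forks_count"],
        "open_issues": repo["open_issues_count"],
        # Maintenance signals: is anyone still looking at the code?
        "days_since_last_push": (now - parse_ts(repo["pushed_at"])).days,
        "commits_last_90d": len(recent),
        "distinct_authors_last_90d": len({author for author, _ in recent}),
        "median_days_to_close_issue": median(close_times) if close_times else None,
    }


def flag_concerns(report):
    """Return human-readable warnings; the thresholds are illustrative assumptions."""
    concerns = []
    if report["days_since_last_push"] > 365:
        concerns.append("no pushes in over a year: project may be abandoned")
    if report["commits_last_90d"] == 0:
        concerns.append("no commits in the last 90 days")
    if report["distinct_authors_last_90d"] <= 1:
        concerns.append("at most one active author: review depends on a single person")
    return concerns


if __name__ == "__main__":
    report = activity_report(SAMPLE_REPO, SAMPLE_COMMITS, SAMPLE_CLOSED_ISSUES)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("concerns:", flag_concerns(report) or "none")
```

With the constructed sample the report shows four commits by three authors in the last 90 days and a median of 15 days to close an issue, so no concern is raised; a repository with no pushes for a year and a single author would trigger all three warnings.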