One way to mitigate that is through Binary Transparency, which would allow people to detect if a release is made for which there is no source code available (assuming the project already has reproducible builds). There is already a project attempting this for Arch Linux packages[0].
Of course it's still possible that an update could be sent to everyone which contains some code that only runs when a certain username is entered, so users would need to avoid updating the app until an audit by a trusted third party had approved it.
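The detection the comment describes, as an added example that is not part of the original comment or of the Arch Linux project it links: a toy transparency log whose entries record each release's binary digest together with the source commit it was reproducibly built from. A client checks that the binary it downloaded is in the log (via a Merkle inclusion proof against a published root) and that the entry names a source commit. The log entries, the release bytes and the commit ids are all constructed placeholders; the hashing scheme mirrors RFC 6962 domain separation but is simplified (an odd level duplicates its last node).

```python
"""Binary-transparency check: is this release in the log, with source?

Constructed example. A release that is not in the log, or is logged
without a source commit, is flagged so users can refuse to install it.
"""
import hashlib
import json


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_hash(entry: dict) -> bytes:
    # Domain-separated leaf hash over canonical JSON (0x00 prefix, as in RFC 6962).
    return sha256(b"\x00" + json.dumps(entry, sort_keys=True).encode())


def node_hash(left: bytes, right: bytes) -> bytes:
    # Interior node (0x01 prefix) so a leaf can never be confused with a node.
    return sha256(b"\x01" + left + right)


def _next_level(level: list) -> list:
    if len(level) % 2:
        level = level + [level[-1]]  # duplicate last node on odd levels
    return [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves: list) -> bytes:
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def inclusion_proof(leaves: list, index: int) -> list:
    """Sibling hashes from leaf to root, each tagged with whether it sits on the right."""
    proof = []
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        sibling = index ^ 1
        proof.append((level[sibling], index % 2 == 0))
        index //= 2
        level = _next_level(level)
    return proof


def verify_inclusion(leaf: bytes, proof: list, root: bytes) -> bool:
    h = leaf
    for sibling, sibling_is_right in proof:
        h = node_hash(h, sibling) if sibling_is_right else node_hash(sibling, h)
    return h == root


def check_release(binary: bytes, log_entries: list, root: bytes) -> str:
    """Return 'ok' or a short reason the release should not be trusted."""
    digest = sha256(binary).hex()
    leaves = [leaf_hash(e) for e in log_entries]
    for i, entry in enumerate(log_entries):
        if entry["binary_sha256"] != digest:
            continue
        # The log operator's published root must vouch for this entry.
        if not verify_inclusion(leaves[i], inclusion_proof(leaves, i), root):
            return "log root mismatch"
        # Logged, but nothing to rebuild from: the release cannot be reproduced.
        if not entry.get("source_commit"):
            return "logged without source"
        return "ok"
    return "not in log"


# Constructed release artifacts and log (placeholder commit ids, not real ones).
RELEASE_1_0_0 = b"constructed binary for 1.0.0"
RELEASE_1_0_1 = b"constructed binary for 1.0.1"
RELEASE_1_0_2 = b"constructed binary for 1.0.2"
UNLOGGED = b"constructed binary pushed to one user"

LOG = [
    {"version": "1.0.0", "binary_sha256": sha256(RELEASE_1_0_0).hex(), "source_commit": "a" * 40},
    {"version": "1.0.1", "binary_sha256": sha256(RELEASE_1_0_1).hex(), "source_commit": "b" * 40},
    {"version": "1.0.2", "binary_sha256": sha256(RELEASE_1_0_2).hex(), "source_commit": ""},
]
ROOT = merkle_root([leaf_hash(e) for e in LOG])

if __name__ == "__main__":
    for name, blob in [("1.0.1", RELEASE_1_0_1), ("1.0.2", RELEASE_1_0_2), ("unlogged", UNLOGGED)]:
        print(name, check_release(blob, LOG, ROOT))
```

The inclusion proof is what lets a client with only the published root (a few dozen bytes, fetched from many sources) confirm an entry without downloading the whole log; the source-commit field is what turns "this binary was published" into "this binary can be rebuilt and compared".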