An important caveat with Krypton is that while it is open source, the published source is essentially useless because it is not licensed under a free license.
That should be sufficient to audit the code, and verify that the binaries distributed via app stores are actually compiled from it, no? For a security app, it's pretty useful.
You can see the code, but can't do anything with it? That'd be source-available, not open source.
Having the source publicly available is one of the prerequisites for something to be considered open source, but it's far from being the only prerequisite.