
How does viewing the code give you confidence that the app is running the code you saw?


You can pretty easily compare compiled binaries.


That's assuming you can replicate their build process exactly and that process produces perfectly reproducible builds.


Or you could just run the code you compiled yourself?


Can you? I was under the impression that perfectly reproducible builds were still very much a hard and open problem.

Furthermore, I believe that the Facebook app codebase is massive in scope and highly illegible due to most of it being auto-generated from other codebases. It has over 18,000 classes on iOS. The odds of anybody being able to meaningfully audit that are pretty low.



