Even if they were initially trustworthy, it's surely only a matter of time before they start wanting/needing to make (more) money and start abandoning their principles in pursuit of profit.

If a company wanted to, they absolutely could include something along the lines of "If we violate the terms of this privacy policy, we owe all affected users $1000" in their Terms of Service. Pointing a gun at their own head to prove that they're serious. Companies don't do this, because they are cowards.

> The real problem is how to trust that a "privacy-focused" app is actually privacy-focused

I think the real problem is actually that legislative bodies will make privacy focused apps illegal. California AB 1043 is an example of what can happen.