Researchers at the University of Wisconsin-Madison argue that third-party apps rarely have their code reviewed by programmers at Slack and Microsoft. Even those that do, undergo a relatively superficial analysis, in which the reviewers analyze if the app works as intended, if it encrypts data, and run an automated scan that looks for vulnerabilities.
Office of Strategic Communication