How can you ensure that the password vault app is protected?

I have a large number of usernames and passwords - different for each website, service ... To keep track of information, I have an iOS app that claims to store information using RSA-256 encryption; it has the ability to sync "storage" between different devices, so I can use my iPad or iPhone to access the information.

In essence, I "trust" the software vendor's claim that their software is secure. This means not only (1) that it is well written (no accidental security flaws), but also (2) that there is no "back door" that allows them to intercept or redirect my files during a sync operation - if they do, they will "have everything".

I wonder if there is a "better" way to solve this problem. I can remember a few:

  • Write your own. Guarantees (2) but not (1).
  • Have an open source project and let the "community" help with (1). Of course, an attacker could use open source to find and exploit (rather than fix) a weakness.
  • Third party software vendor certification. You must now trust a third party ...

There might be a reliable solution out there, but I don't know. Many "related" questions seem to exist on SO, but I couldn't find one that actually answered this.

Any contributors?

+3