Good security is not just about prevention. It is also about detecting changes and refusing them when they happen.
That is the difference between hoping something was not modified and proving whether it was.
Two layers that matter
First, the app verifies the signed server list. Second, it verifies the downloaded VPN configuration file against a trusted SHA-256 hash.
If either check fails, the app blocks the connection instead of continuing anyway.
Why that matters
Tampering only works when the system accepts modified data. The right design breaks that assumption by failing closed.