Closed source Trading App with the potential to give you wrong in/output and also the problem of exploits and maleware for a financial stand point this idea is a joke.
The app uses bittrex api keys, the withdraw permission is not required, so there is no way it could steal your funds - even if it wanted to.
The trust you have to have in this app is a lot less than you need for any other entity you leave your funds at, like any exchange, any ICO operation, any escrow, any gambling site, any..... and so on.
Wrong input/wrong output is probably aimed at orders and trading history shown by the app? Well, you can easily verify that this is not the case by simply using an API key with only "Read info" permission.
Regarding malware and exploits, how is this any different from any other app you install from the app store?