Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Audits

Source Code of ProtonMail iOS App Made Public

Proton Technologies, the Swiss-based company behind the privacy-focused email service ProtonMail, this week announced that it has made available the source code of its iOS client application.

Proton Technologies, the Swiss-based company behind the privacy-focused email service ProtonMail, this week announced that it has made available the source code of its iOS client application.

The ProtonMail iOS app was recently audited by cybersecurity consultancy SEC Consult, which reported identifying seven low-risk vulnerabilities, including issues related to hardcoded credentials, missing certificate pinning, account upgrade bypass methods, debug messages being enabled and leaking user information, and failure to implement security mechanisms provided by the iOS operating system.

By making the ProtonMail iOS app open source, the company hopes to encourage researchers to attempt to find vulnerabilities and increase users’ trust in the security of the platform.

In addition to the source code, Proton Technologies has made available some documentation, including its iOS security and trust models, that should make it easier for interested parties to review the code.

“We strongly believe in open source, and we are committed to open sourcing all of our client software. In pursuit of this goal, independent third-party audits of all our other clients are underway, and we look forward to open sourcing even more of our code,” Proton’s Ben Wolford wrote in a blog post.

Wolford added, “Making our code freely accessible to the developer community also encourages innovation in the field of privacy tech. Developers are free to implement and build upon the methods that we have documented and published. We believe that when developers work together to solve real-world privacy challenges, everyone benefits, and we hope that the publication of our code will result in safer and more robust iOS apps.”

Earlier this year, Proton was accused by a Swiss lawyer of voluntarily helping law enforcement spy on users, but the company has denied the allegations.

Related: U.K. Teen Involved in ProtonMail DDoS Attack Arrested

Advertisement. Scroll to continue reading.

Related: ProtonMail Launches VPN Application for macOS

Related: ProtonMail Launches Encrypted Contacts Manager

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider Horizon3.ai.

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

More People On The Move

Expert Insights