Proton Technologies, the Swiss-based company behind the privacy-focused email service ProtonMail, this week announced that it has made available the source code of its iOS client application.
The ProtonMail iOS app was recently audited by cybersecurity consultancy SEC Consult, which reported identifying seven low-risk vulnerabilities, including issues related to hardcoded credentials, missing certificate pinning, account upgrade bypass methods, debug messages being enabled and leaking user information, and failure to implement security mechanisms provided by the iOS operating system.
By making the ProtonMail iOS app open source, the company hopes to encourage researchers to attempt to find vulnerabilities and increase users’ trust in the security of the platform.
In addition to the source code, Proton Technologies has made available some documentation, including its iOS security and trust models, that should make it easier for interested parties to review the code.
“We strongly believe in open source, and we are committed to open sourcing all of our client software. In pursuit of this goal, independent third-party audits of all our other clients are underway, and we look forward to open sourcing even more of our code,” Proton’s Ben Wolford wrote in a blog post.
Wolford added, “Making our code freely accessible to the developer community also encourages innovation in the field of privacy tech. Developers are free to implement and build upon the methods that we have documented and published. We believe that when developers work together to solve real-world privacy challenges, everyone benefits, and we hope that the publication of our code will result in safer and more robust iOS apps.”
Earlier this year, Proton was accused by a Swiss lawyer of voluntarily helping law enforcement spy on users, but the company has denied the allegations.
Related: U.K. Teen Involved in ProtonMail DDoS Attack Arrested
Related: ProtonMail Launches VPN Application for macOS
Related: ProtonMail Launches Encrypted Contacts Manager
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations
- Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
- OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers
- New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats
- Rheinmetall Says Military Business Not Impacted by Ransomware Attack
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
