Proton Technologies, the Swiss-based company behind the privacy-focused email service ProtonMail, this week announced that it has made available the source code of its iOS client application.
The ProtonMail iOS app was recently audited by cybersecurity consultancy SEC Consult, which reported identifying seven low-risk vulnerabilities, including issues related to hardcoded credentials, missing certificate pinning, account upgrade bypass methods, debug messages being enabled and leaking user information, and failure to implement security mechanisms provided by the iOS operating system.
By making the ProtonMail iOS app open source, the company hopes to encourage researchers to attempt to find vulnerabilities and increase users’ trust in the security of the platform.
In addition to the source code, Proton Technologies has made available some documentation, including its iOS security and trust models, that should make it easier for interested parties to review the code.
“We strongly believe in open source, and we are committed to open sourcing all of our client software. In pursuit of this goal, independent third-party audits of all our other clients are underway, and we look forward to open sourcing even more of our code,” Proton’s Ben Wolford wrote in a blog post.
Wolford added, “Making our code freely accessible to the developer community also encourages innovation in the field of privacy tech. Developers are free to implement and build upon the methods that we have documented and published. We believe that when developers work together to solve real-world privacy challenges, everyone benefits, and we hope that the publication of our code will result in safer and more robust iOS apps.”
Earlier this year, Proton was accused by a Swiss lawyer of voluntarily helping law enforcement spy on users, but the company has denied the allegations.
Related: U.K. Teen Involved in ProtonMail DDoS Attack Arrested