Starting today, every app you use to access your ProtonMail inbox is open source and has passed an independent security audit.
One of our guiding principles is transparency. You deserve to know who we are, how our products can and cannot protect you, and how we keep your data private. We believe this level of transparency is the only way to earn the trust of our community.
To that end, open source has long been a priority at Proton. Our web app has been open source since 2015, our iOS app is open source, our desktop Bridge app is open source, and all ProtonVPN apps are open source.
This means that all Proton apps that are out of beta are open source.
Today we add the ProtonMail Android app to this list. The code is available on our GitHub page.
As part of making our Android app open source, we commissioned an independent security audit from SEC Consult. Their audit found that our app has no outstanding vulnerabilities. We have also published the full audit report on our website.
Open source at Proton
Your safety is our number one priority. Open sourcing our code increases the security of our apps because it allows us to leverage the entire IT security community to search for vulnerabilities. Those who discover vulnerabilities may be eligible for our bug bounty program.
Open source code contributes to a free Internet
Our goal is to bring security, privacy, and freedom to the Internet. That is why we are strong supporters of the open source community. We maintain two open source cryptographic libraries, OpenPGPjs and GopenPGP, to make it easier for developers to encrypt their apps and thus protect more data.
This cooperation among open source developers is how we create and sustain the privacy tech ecosystem that is necessary to create a safer Internet. Thank you to our community for supporting these efforts, and we look forward to your feedback on GitHub or directly via email at email@example.com.
You can get a free secure email account from ProtonMail here.
We also provide a free VPN service to protect your privacy.
Feel free to share your feedback and questions with us via our official social media channels on Twitter and Reddit. Note that while blog comments also remain open, questions and feedback will not be responded to individually. Where relevant, we will incorporate the most frequently asked questions or comments into a blog update.