ProtonMail iOS app goes open source!

illustration of ProtonMail iOS open source

We’re happy to announce that the ProtonMail iOS app is now fully open source. 

We believe in transparency, the power of community, and building a more private and secure future for all. That’s why our web app has been open source since 2015, and it’s why we have contributed to the open source community by maintaining cryptographic libraries for the JavaScript and Go programming languages.

Now we’re taking the next step by open sourcing our iOS app. You can find the code on our Github page

Why open source?

At Proton, security is our overriding priority, particularly because of the many dissidents and activists who use our service. Our emphasis on security extends to all areas of our work, from our use of end-to-end encryption, to the way we engineer our applications. As part of our commitment to security, we are putting all of our software through rigorous, independent third-party audits.

Already there are third-party audits for OpenPGPjs and GopenPGP, our open source cryptographic libraries. Earlier this year, we engaged the renowned security firm SEC Consult to conduct an independent audit of ProtonMail’s iOS application. We are now making our iOS app open source now that it has been independently vetted. For more information, read the full iOS app audit report.

Open source provides transparency and accountability to the Proton community. Allowing people to see and review our code increases trust in both the security of the platform and our commitment to develop a more secure and private Internet. By making our code available to the world, and with the help of our bug bounty program, we can leverage the global Proton community to make our software as secure as possible.

Open source at ProtonMail

We strongly believe in open source, and we are committed to open sourcing all of our client software. In pursuit of this goal, independent third-party audits of all our other clients are underway, and we look forward to open sourcing even more of our code. 

In addition to making our iOS app open source, we have also documented and published our iOS security model. This is important to us because raw code without documentation can be almost unintelligible sometimes, and a documented security model will assist in rigorous assessment and review of our code by the public. Our iOS trust model is also available on our Github page.

There has been a recent increase in state-sponsored malware attacking iOS, and in some cases specifically targeting ProtonMail users. Our iOS security model also highlights exactly what we are doing to give Proton users a higher level of security compared to typical apps. In particular, we have implemented safeguards which allowed the ProtonMail iOS app to protect against a recent malware targeting Tibetans and Uyghurs (see our security advisory).

Making our code freely accessible to the developer community also encourages innovation in the field of privacy tech. Developers are free to implement and build upon the methods that we have documented and published. We believe that when developers work together to solve real-world privacy challenges, everyone benefits, and we hope that the publication of our code will result in safer and more robust iOS apps.

We’re excited to share our code, and we look forward to hearing your feedback on Github or directly via email at contact@protonmail.com.

Best Regards,
The ProtonMail Team

You can get a free secure email account from ProtonMail here.

We also provide a free VPN service to protect your privacy.

ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support.

About the Author

Ben Wolford

Ben Wolford is a writer at Proton. A journalist for many years, Ben joined Proton to help lead the fight for data privacy.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

13 comments on “ProtonMail iOS app goes open source!

  • I’m so happy for this finally happening. Seeing more of yall’s service finally being open-sourced boosts my (and I’m sure a lot of other people who were concerned regarding this) peace of mind immensely. Congrats! ProtonMail will definitely be keeping my business (ProtonMail Plus subscriber who pays in cash here).

    Reply
  • We Thank You for your service for your honesty and transparency. We Thank You for securing our data. We Thank You for putting morality and integrity into the IoT
    Regards

    Reply
    • The issues found were all low severity, and the ones that required fixing have all been fixed. The linked article also includes other inaccuracies, like the incorrect claims about voluntary surveillance which have been refuted by the Swiss prosecutor.

      Reply
  • Good news. 🙂
    I hope that Andoid app will goes open-source after 6 monhs. Any news in which programming language Android app is based/ written? It should be Java (or not)?
    Thanks. Keep it ProtonMail up!

    Reply
  • 1. As a simple eMail user with minimum basic knowlege, much of your information is uninteligible to me because I don’t understand the innumerable abbreviations used (iOS, VPM, etc. in this news) all over the internet. Where can I find definitions?

    2. “Remember, emails sent from the Proton team are starred by default. If it is not starred, it did not come from us.” Very good, but where is it??, and is it a ‘star’ or a check mark. I find neither one in my inbox list.

    My thanks in advance.

    Reply
    • Hi Stephen!

      Sorry you’re having trouble wading through the jargon. I’ll keep this in mind and be sure to always spell out acronyms. (iOS is the name of the operating system used in Apple’s iPhones and iPads. An operating system is like a chassis for your computer that makes the other apps and operations possible. VPN stands for virtual private network, which you can learn more about here.)

      If you get an email with a star in ProtonMail, you’ll notice it to the right of the subject line. (You can also star and unstar an email yourself by clicking on the star icon.)

      Hope that helps!

      Reply