ProtonMail Mobile v1.4.0 Release Notes

Secure mobile email ProtonMail prevents brute force attacks

We are happy to announce the release of version 1.4.0 of ProtonMail’s secure email app for iOS and Android! Version 1.4.0, which was previously available only to members of our mobile beta community, is now available in the iOS and Android app stores.

You can get the non-beta version of the apps from the following links:

Google Play store here

Apple App store here.

It is still possible to register for the ProtonMail Mobile Beta Program. Not only is this a great way to support ProtonMail, but you will also get early access to the newest mobile features before they are publicly available.

ProtonMail v1.4.0 contains numerous bugfixes to our secure email app, along with the addition of one important new email security feature.

Please consider supporting ProtonMail by upgrading to a Paid Account. Your support allows us to continue to develop ProtonMail encrypted email as free and open source software.

Secure Email Data Wipe

Image of mobile device showing data wipe warning message

Security is only as strong as its weakest link. Secure Data Wipe is introduced to prevent your data from being compromised by someone guessing (brute forcing) the PIN code of your mobile application. After 10 incorrect PIN entries, all app data is completely wiped from your device. This information can be reloaded once you have successfully logged in using your login and mailbox password.

As we have recently seen, even supposedly secure devices such as iPhones can have their PIN lock mechanism bypassed, and thus it is no longer sufficient to rely entirely on built-in device PIN locks as the only layer of security. In the event that your phone is stolen while in the unlocked state or has the primary PIN lock cracked, the PIN lock on the ProtonMail app itself provides a second layer of security. Before v1.4.0, if your phone was stolen, an attacker could repeatedly try different PIN codes until getting the correct one, as long as the phone remained powered on. With v1.4.0, the Secure Data Wipe feature is enabled by default on both the iOS and Android secure email apps as long as the PIN lock feature is enabled. For your safety, this feature cannot be disabled.
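The attempt-limited wipe described above, as an added Python sketch that is not ProtonMail's code: the `PinGate` class, its file names and the PBKDF2 parameters are assumptions made for illustration. It shows the detail that matters for brute-force resistance, namely that the failed-attempt counter is persisted before the PIN is checked.

```python
import hashlib, hmac, os, shutil

MAX_ATTEMPTS = 10  # wipe threshold stated in the release notes

class PinGate:
    """Hypothetical app-level PIN lock; all state lives in one data directory."""

    def __init__(self, data_dir, pin):
        self.dir = data_dir
        os.makedirs(data_dir, exist_ok=True)
        salt = os.urandom(16)
        self._write("pin.salt", salt)
        self._write("pin.hash", self._kdf(pin, salt))
        self._write("attempts", b"0")

    def _write(self, name, data):
        # Unbuffered write plus fsync so the value survives the app being killed.
        with open(os.path.join(self.dir, name), "wb", buffering=0) as f:
            f.write(data)
            os.fsync(f.fileno())

    def _read(self, name):
        with open(os.path.join(self.dir, name), "rb") as f:
            return f.read()

    @staticmethod
    def _kdf(pin, salt):
        # Slow hash of the PIN; the iteration count is an arbitrary example value.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def failed_attempts(self):
        return int(self._read("attempts"))

    def try_unlock(self, pin):
        if not os.path.isdir(self.dir):
            return "wiped"  # nothing left to unlock; a full login is required
        # Charge the attempt before checking the PIN, so killing the app
        # mid-check cannot buy a free guess.
        attempts = self.failed_attempts() + 1
        self._write("attempts", str(attempts).encode())
        stored = self._read("pin.hash")
        if hmac.compare_digest(self._kdf(pin, self._read("pin.salt")), stored):
            self._write("attempts", b"0")
            return "unlocked"
        if attempts >= MAX_ATTEMPTS:
            shutil.rmtree(self.dir)  # drops cached data, PIN hash and counter
            return "wiped"
        return "denied"
```

Plain files stand in for app storage here; on a real device the counter and PIN verifier would need storage that someone holding the phone cannot roll back or edit.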

The full release notes for Android and iOS secure email app v1.4.0 can be found below:


New Features

  • Better support for Reply-To headers
  • Deletion of the sensitive user data after 10 wrong PIN attempts
  • Support for optional screenshot prevention

Bug Fixes

  • Fix not showing empty inbox message if PIN is active
  • Fix Retry of no connectivity in Message Details


  • Improved showing/loading of the labels
  • Edit of the Display Name and Signature per Alias/Address
  • Indication of more recipients in the short message details


New Features

  • DataWipe, wipes information from device after 10 incorrect PIN entries.
  • Added “Lock The App” feature in sidebar when user enables Touch ID or PIN code
  • Added label manager in the settings
  • Added internet status check in mailbox and message details view.
  • Automatically start composing a message in the ProtonMail app when clicking on ‘mail-to’ link into the message.

Bug Fixes

  • Fix message is temporarily marked as Sent even if the address has a blank space
  • Slow connection problem with message not sending
  • Fix a few decryption errors
  • Fix user can’t add/edit contact with .photo email address
  • Fix sending attachments sometimes crashing


  • Improve the reply to message UI
  • Improve the draft auto save
  • Add a button for Touch ID in login screen, allowing users to ask for Touch ID again after selecting the cancel button
  • iPad UI improvements
  • Allow editing of display name & signature for multiple addresses in settings



About the Author

Proton Team

We are scientists, engineers, and developers drawn together by a shared vision of protecting civil liberties online. Ensuring online privacy and security are core values for the ProtonMail team, and we strive daily to protect your rights online.



37 comments on “ProtonMail Mobile v1.4.0 Release Notes”

  • Automatically start composing a message in the ProtonMail app when clicking on an email address anywhere in your phone. Make ProtonMail your default `mail-to` email address.

    Shouldn’t this be under the Android section? To my knowledge you can’t change the default settings or apps for this kind stuff on iOS.

  • Thanks for all your hard work guys.
    I do have one question

    Automatically start composing a message in the ProtonMail app when clicking on an email address anywhere in your phone. Make ProtonMail your default `mail-to` email address.

    I can’t work out how to do this in iOS. Could you point the way?

    • iOS does not support changing the default application on the OS. This was a mistake in our post, we apologize for the inconvenience.
      The correct change is: “Automatically start composing a message in the ProtonMail app when clicking on ‘mail-to’ link into the message”

      • This is the code only of the Web Client, isn’t it?

        Here we were talking about standalone apps, like the Android one. When will you make them Open Source?

        Thank you very much.

        • Yes, the code for the mobile apps will also be released as open source software under the MIT license. Since the apps have just been recently released, the code is changing rapidly so we will open source when the code is more stable and we are ready to accept pull requests from the community.

          • Thank you very much.

            I am a potential premium user only waiting for an open-source standalone app to switch to protonmail. For security concerns I can’t use Javascript.

          • Unfortunately, we do not have an estimated time for this as it is rather dependent on the development timeline. We anticipate however that we should reach the required code stability by the end of this year.

  • Why is the Android app NOT open source? You can’t claim security if a major component (mobile app) is proprietary…

    • We will publish the code as soon as we are ready to accept pull requests from the community. Right now, the code is simply changing too quickly and not quite ready to be converted into an open source project.

    • Agree. Some devices do not have google app store (like BlackBerry / SailfishOS) and some people simply do not want / refuse a google account. Why not put this apk on your site (or work together with fdroid)? Or does it heavily depend on google services (GCM) for notification and you do not want anybody to know about this?

        • “we may host the apk on our site but it’s not a priority” Just all you have to do really, is set the git repository to ‘public’. And let f-droid do the rest. Doesn’t take much effort.
          It doesn’t matter whether the code is ready for pull requests or not.

          People without a Google account shouldn’t have to download each individual app from its website. We want an open app store that values the same ideals as protonmail to include apps such as protonmail. We already have that. F-droid. All protonmail has to do is make it open-source. Not only for this purpose, but also because that is a requirement for trustworthy software.

  • How is progress coming along for implementing two factor authentication? Might it be ready by the end of the year? Also, what second factor protocol(s) might you be supporting — FIDO U2F, OATH-TOTP, OATH-HOTP, Yubico OTP, or something else? Thanks.

  • Dear All,

    You are doing an incredible work and you are making our life more secure. However, it is becoming quite urgent that you enable us to configure and work with mail clients such as outlook etc.

    Many thanks

    • That will unfortunately never be possible since outlook can’t handle the client side pgp decryption. However, thunderbird and k-9 mail could do that so long as protonmail lets the user upload/download his own private key.

  • I would like the following:
    1) is the Protonmail contact list internal or external to the app?
    2) is the Protonmail contact list ever encrypted? When the app is closed or logging out of account?
    3) what is the effect of setting a zero date/days for when an external email is sent to nonprotonmail recipient?
    4) is there a setting for a never ending deactivation for an external encrypted outgoing email option on the horizon?
    5) is there an option to retain settings after logging out of account & then logging back in? PIN option is routinely turning off.

    Great product. Love this approach to passing off keys all the time.

    • 1) combination of both, phone contacts + protonmail internal contacts
      2) encrypted, but not with end-to-end encryption (would make auto-complete impossible)
      3) If EO is enabled, it would expire the message
      4) Unfortunately we can’t really support this.
      5) We’re looking into this.

  • On the “permissions” for downloading the Android app, it says Protonmail requires access to: “device & app history, retrieve running apps, personal identity, find accounts on the device, contacts list, read your contacts, find accounts on the device, photos/media/files, read the contents of your USB storage, modify or delete the contents of your USB storage, receive data from Internet, full network access, view network connections, control vibration, run at startup, send sticky broadcast, and prevent device from sleeping.”

    Please explain to me why Protonmail needs to exert this level of intrusion into my privacy. It seems a bit contradictory, to be doing all you are doing to protect email privacy in this over-surveilled technological society, only to require people to hand their privacy over to you on a silver platter in order to download your app.

  • Are e-mail messages encrypted on the cell phone or can Verizon or anyone access all my e-mail messages? Are e-mail messages encrypted
    when being sent over the wireless network or can the cell phone carriers just intercept them & read them or pass them along?

    • This is the same as the web application. The messages are encrypted inside the app/browser and they are sent as encrypted. The provider can see only the encrypted content.

    INCREDIBLE! Google, Yahoo, Bing, they all spy on people. IT’S TERRIBLE!
    you folks are great! GREAT!
    ANYWAY, if Proton mail gets together with PEACE ONE DAY. GO to….you will see. So if all the people log on to that website and they see proton mail ads, and during their events if the MC’s talk about PRIVACY, and intrusion, and how you folks are the answer, then a few 100 thousand will sign up.
    PLEASE JOIN and HELP the campaign for world peace. PEACE ONE DAY , Sept 21.

    • Most likely no, Blackberry is dead. But Blackberry can sometimes install and use the Android version, but there will be no push notifications.

  • Hello!
    Which android version to install on a Samsung GT-S7560M running Android 4.0.4.? Where can I download it without id?

  • How is advance tagging along for executing two factor verification? Might it be prepared before the year’s over? Additionally, what second factor protocol(s) might you bolster?