This week Proton Technologies, the Swiss company behind ProtonMail, the privacy-based email service, revealed it has released the source code of itsiOS client software.
ProtonMail iOS has been recently audited by SEC Consult, a cyber-security consultant who documents seven low-risk vulnerabilities, including issues relating to hard-coded passwords, missing certificate pinning, bypass methods of account updating, allowing debug messages and leaking users ‘ data, and failure to implement iOS operating system security mechanisms.
By opening the ProtonMail iOS app, the company hopes to encourage researchers to try to identify vulnerabilities and increase user confidence in platform security.
Proton Technologies has made some documents available, including its safety and confidence models, in addition to the source code, which should make it easier for investors to test the code.
“We firmly believe in open source and dedicate ourselves to opening up all of our technology for our customers. Throughout pursuit of this goal, independent external reviews of all other customers are being carried out, and we look forward to opening up our software even further, “Proton’s Ben Wolford wrote in a blog post.
Wolford said, “The free access to our software for the developer community also facilitates creativity in the area of data protection. Developers are free to implement and expand on the methods reported and published by us. We agree that if developers engage in the resolution of real-world privacy issues, everyone will benefit, with the launch of this software contributing to safer and stable iOS apps. “Swiss lawyers accused Proton of volunteering to spy on users for law enforcement, but the company dismissed the claims.
