Jump to content
  • Proton Pass password manager apps released as open source

    alf9872000

    • 437 views
    • 3 minutes
     Share


    • 437 views
    • 3 minutes

    Proton announced today that its password manager Proton Pass is now open source and that the apps have been audited for security.

     

    Proton announced its password manager Proton Pass in April 2023 and released the first stable version of it at the end of June 2023.

     

    Son Nguyen, the founder of SimpleLogin, which Proton acquired some time ago, has been working on Proton Pass since the acquisition. Nguyen notes that the open source release of all Proton Pass applications gives all users and third-parties the opportunity to analyze the code.

     

    He writes: "Given the sensitive information you protect with your password manager, it’s crucial that you know exactly what’s happening inside it. Because Proton Pass is open source, anyone can inspect our code and ensure that the apps work as described."

     

    The source code of the Android and iOS applications, as well as the source code of all official Proton Pass browser extensions is now available.

     

    Interested developers and users find the Proton Pass source code repositories here:

    Independent Security Audit of Proton Pass

    proton-pass.png

     

    At the same time, Proton announced that it has asked Cure53, a German company known for security audits, to audit the Proton Pass applications independently. The audit covered all Proton Pass applications, the Proton Pass browser extensions, and the Proton API.

     

    Proton published the Cure53 Proton Pass report here. The audit was the first conducted and Cure53 notes that did not detect many issues. The researchers did find a security issue, which they rated high, which could result in a "potential leakage of user-credentials".

     

    Proton addressed all but one of the issues mentioned in the report. The last standing issue can't be resolved at this time according to Proton, as the solution is caused by a "platform limitation in Android".

     

    Cure53 posted the following conclusion: "Cure53 can conclude that the Proton Pass apps and components leave a rather positive impression in terms of security. Even though there are multiple areas, which require some more attention and work, it is hoped that fixing all ten issues spotted during this May-June 2023 project will elevate the already existing resilience against a multitude of severe attacks and threats.".

     

    Closing Words

     

    Proton addressed the security issues swiftly, except for the platform-specific issue that it claims can't be fixed at the time. The release of the password manager's applications and extensions as open source and the first security audit should strengthen trust in the solution further.

     

    Proton Pass is a cloud-based password manager that utilizes Proton's infrastructure.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...