Proton announced today that its password manager Proton Pass is now open source and that the apps have been audited for security.
Proton announced its password manager Proton Pass in April 2023 and released the first stable version of it at the end of June 2023.
Son Nguyen, the founder of SimpleLogin, which Proton acquired some time ago, has been working on Proton Pass since the acquisition. Nguyen notes that the open source release of all Proton Pass applications gives all users and third parties the opportunity to analyze the code.
He writes: "Given the sensitive information you protect with your password manager, it’s crucial that you know exactly what’s happening inside it. Because Proton Pass is open source, anyone can inspect our code and ensure that the apps work as described."
The source code of the Android and iOS applications, as well as the source code of all official Proton Pass browser extensions, is now available.
Interested developers and users can find the Proton Pass source code repositories here:
Independent Security Audit of Proton Pass
At the same time, Proton announced that it has asked Cure53, a German company known for security audits, to audit the Proton Pass applications independently. The audit covered all Proton Pass applications, the Proton Pass browser extensions, and the Proton API.
Proton published the Cure53 Proton Pass report here. The audit was the first conducted, and Cure53 notes that it did not detect many issues. The researchers did find a security issue that they rated high and that could result in a "potential leakage of user-credentials".
Proton addressed all but one of the issues mentioned in the report. According to Proton, the one remaining issue can't be resolved at this time, as it is caused by a "platform limitation in Android".
Cure53 posted the following conclusion: "Cure53 can conclude that the Proton Pass apps and components leave a rather positive impression in terms of security. Even though there are multiple areas, which require some more attention and work, it is hoped that fixing all ten issues spotted during this May-June 2023 project will elevate the already existing resilience against a multitude of severe attacks and threats."
Closing Words
Proton addressed the security issues swiftly, except for the platform-specific issue that it claims can't be fixed at this time. The release of the password manager's applications and extensions as open source and the first security audit should strengthen trust in the solution further.
Proton Pass is a cloud-based password manager that utilizes Proton's infrastructure.