The ProtonMail app on iOS is now fully open source

[Karlston]

The ProtonMail app on iOS is now fully open source

Proton Technologies AG has announced that its ProtonMail app on iOS is now fully open source, with the code now available on GitHub. Giving some reasons for the open sourcing of the app, the firm said that it believes “in transparency, the power of community, and building a more private and secure future for all.”

 

The open sourcing of the app follows a security audit of the software carried out by the security firm SEC Consult. Proton said that by opening up its code, it helps build the trust of its users who can see what the app does and can even use the source code to build their own version of the app if they don’t trust the binaries being distributed.

 

Commenting on the open sourcing of the application, Proton said:

“Developers are free to implement and build upon the methods that we have documented and published. We believe that when developers work together to solve real-world privacy challenges, everyone benefits, and we hope that the publication of our code will result in safer and more robust iOS apps.”

Accompanying the release of the source code, the firm has also documented the iOS security model which can help the public review some of the more unintelligible code found within the app.

 

With the source code now open, reviewing the code for bugs is an option if you’d like to earn some money via the ProtonMail bug bounty programme. Also, if you’re new to the Swift programming language and creating apps for iOS, reviewing existing programs and seeing how they work is a great way to improve your coding skills.

 

 

Source: The ProtonMail app on iOS is now fully open source (Neowin)

[steven36]

ProtonMail shoves its iOS app's source code on GitHub for world+dog to rummage around in

 

Let's all have a code audi- oh, wait, they did that already

 

 

Encrypted email biz ProtonMail has open-sourced the code for its iOS app, having paid for a code audit that says there's nothing wrong with it.

 

Having touted itself for years as the choice of political activists, journalists, dissidents and all the other types of people who make the world a better place, ProtonMail is throwing some of its virtual doors open to convince a largely sceptical world to get with the programme.

 

This is in no way related to its denials back in May that it was providing voluntary real-time surveillance access to state agencies.

 

"Most apps," the firm intoned in a statement today, "do not protect data in situations where the device or phone itself has been infected," going on to claim that it is capable of protecting one's emails even in situations where the device has been compromised by malware, which is a bold claim to make.

 

Andy Yen, founder and chief exec, grandly declared in a canned quote: "We have a responsibility to protect our users and we constantly improve our protections to keep them safe from the latest malware developments. We hope that through documenting and open sourcing our iOS code, the techniques to defend against attacks can be more widely known and utilized, contributing to a safer mobile ecosystem."

 

ProtonMail said the code dump, visible on GitHub, has been pre-audited by Austrian infosec bods SEC Consult.

 

The company added that its "Appkey" tech is the secret sauce that encrypts iOS users' emails. This and the open-sourcing was said to be inspired by the so-called Poison Carp malware, which targeted Tibetan dissidents in a similar manner to how Chinese state authorities had been using malware to steal data from the devices of the Xinjiang region's persecuted Uyghur ethnic minority.

 

Whether or not you trust ProtonMail's tech, the firm doesn't shy away from pissing off state authorities in countries that see freedom as a threat. Earlier this year Russia shut off access to the service from its shores, alleging it was being used by "terrorists" whose main aim was to send each other disparaging messages about a Russian university sports competition.

 

Last year the current Turkish regime also blocked ProtonMail, ineptly enough for locals to get around it by simply using a VPN.

 

Source

[Ha91]

What programming language should one start to learn at this time? Asking for a little brother. I only use a bit of Python and R because that's all I need.

Rust? Swift? Python?

@Mach1@Karlston@steven36@straycat19@Sylence