ProtonBlog(new window)
illustration of Proton Mail Android client security

Proton Mail Android client security

Share this page

The following article presents a high-level overview of Proton Mail’s Android security model and explains how the app protects your sensitive data. You can view our Android app’s open-source code on GitHub(new window).

Read our threat model(new window) for more information on what threats Proton Mail is designed to counter.

Although this article covers technical subject matter, we wrote it to be as accessible as possible to the general audience.


The Proton Mail Android app stores as little data as possible on your device. This approach allows the app to provide higher data security and more efficiently use the device’s storage space. However, it does need to store some data locally. This data includes:

  • Encrypted messages (only messages opened since the last login are stored), attachments (only attachments viewed since the last login), and metadata
  • Public and private keys for encrypting and decrypting messages
  • Access tokens for communication with the Proton Mail API
  • User account details (e.g., username, time of last message, etc.)
  • Application and account settings
  • Miscellaneous preferences

The app keeps some of this data in secured (encrypted) key-value pairs or inside a local database. Almost all of this data is encrypted at rest.

Protection of application assets

User credentials

Although the username persists in the application, your password is neither persistent nor cached. After your enter your password, it is immediately delegated to the app’s internal Secure Remote Password (SRP) Protocol logic. 

Learn more about the Android app’s authentication process(new window)

Database protection

The application keeps databases in its private storage space where they are inaccessible to other applications, and all sensitive data is encrypted.

Secure shared preferences

One of Android’s mechanisms for storing application data is Shared Preferences, which, in a nutshell, stores data in key-value pairs. Because this data is kept in plaintext, we have added a custom encryption wrapper around it. This wrapper keeps all persistent data contained in our application’s preferences private and encrypted. Additionally, the keys used for the custom encryption wrapper are protected by the Android Keystore.

Require user approval to load embedded images and remote content

By default, the app blocks embedded images and remote content. You have to manually load them or disable this block in the app’s settings.


Our app downloads regular attachments into the primary storage folder of the device (i.e., the Downloads folder). However, we handle other types of embedded and remote content somewhat differently:

  • Remote content (e.g., linked images) is never downloaded to persistent storage.
  • Embedded images are downloaded similarly to regular attachments, but they are kept in the application’s private storage (instead of a public directory).

Push notification encryption

Proton Mail’s push notification servers always encrypt the notifications they send, and the Proton Mail client decrypts these notifications locally. These notifications are never stored on the device.

Application auto-locking and biometrics

We have implemented a straightforward, PIN-based feature to automatically lock the application after a period of inactivity. Once the app is locked, it prompts the user to enter their PIN to unlock it. (You can activate this PIN protection in the settings.) If you choose this option, you can also open the app using the device’s own biometric authentication (you will have to have already registered your biometric data before your can override the PIN). This lets you benefit from the convenience of your device’s biometric scanners without lowering the security level of the app.


There are two ways to download and update the Proton Mail Android app. One is via the Google Play Store, which lets you take advantage of the update mechanism in Google Play to retrieve and apply app updates. 

You can also download our app directly from our website as an APK file(new window). Alongside the download link, you can find the SHA-256 checksum they need to verify the APK file’s integrity.

Attack mitigation

Here we describe the potential attack vectors of the Android client and how we mitigate these attacks.

Web-based attacks

All emails are treated as HTML emails and are rendered by the WebView (android.webkit) component. Since all incoming messages could potentially contain malware, we have disabled JavaScript execution in the WebView configuration for incoming messages. On top of this, we do preprocessing and HTML sanitization to strip out any suspicious content. 

Note: Like other mobile email apps, JavaScript execution is allowed in certain WebViews used by the app (e.g., a human verification CAPTCHA dialog) but never in the email content WebView.

Man-in-the-middle attacks

Man-in-the-middle (MITM) attacks are more difficult to accomplish against Proton Mail because of our use of end-to-end encryption(new window) and zero-access encryption(new window). We have implemented several safeguards in our overall security architecture, like Address Verification(new window), which prevents MITM via a fake public key. We have also put in place protection against network-level MITM attacks.

Certificate pinning

We use the TrustKit-Android(new window) open-source library for certificate pinning to prevent an imposter server, even one equipped with an otherwise valid TLS certificate, from being able to pose as Proton Mail and intercept network traffic. 

Attacks from a malicious app (sandboxed)

Android Lollipop 5.0, which included SELinux, was the first Android version to feature a strengthened Application Sandbox. Each subsequent major Android OS release came with improved application sandboxing, meaning a malicious application (assuming it does not have root privileges) poses very little threat to the Proton Mail Android app.

Android security model scope

No application can protect its users against every potential threat 100% of the time. Proton Mail Android provides additional protection for your data. However, certain conditions are outside of the scope of this security model. 

User device security

We assume that users keep their Android devices secure. For instance, if an you root your device, we expect you to understand that this makes it much easier for malicious applications to bypass the restrictions of the Android application sandbox.

We also expect your device to be free of any malicious software (keyloggers, screen recorders, etc.) that could monitor your actions.

We do our best to protect your data even when your device is compromised. However, all security systems are more likely to fail if the device in question is already compromised.

Android protection

Our application attempts to leverage all of the most recent security improvements offered by the current Android operating system (OS). While our client supports a broad range of Android OS versions (all the way back to Android 5.0 Lollipop), we highly recommend you regularly update your Android OS so that you’re always using the most recent release. 

Audits and open source

We released the Proton Mail Android client as free and open-source software under a GNU General Public License. The app has been audited by the respected security firm SEC Consult(new window). We have published the results of this audit(new window)

We invite the developer community to inspect our code and participate in our public bug bounty program(new window). You can send bounty submissions to

Our recommendations for keeping your device secure

We have an entire article dedicated to covering how to protect your privacy on Android(new window) devices. However, here are five basic steps you can take to improve your Android device’s security. 

  1. Enable biometric or PIN protection in the device settings.
  2. Keep your Android OS updated to the most recent version.
  3. Encrypt your device.
  4. Do not root your device unless you understand the consequences and have a very good reason for doing so.
  5. Do not open links or download attachments from untrusted senders.

If you have any questions about our Proton Mail Android security model, please contact our team at Thank you for your support.

You can get a free secure email account from Proton Mail here.

We also provide a free VPN service(new window) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan(new window). Thank you for your support.

Feel free to share your feedback and questions with us via our official social media channels on Twitter(new window) and Reddit(new window).

Secure your emails, protect your privacy
Get Proton Mail free

Share this page

Proton Team(new window)

We are scientists, engineers, and specialists from around the world drawn together by a shared vision of protecting freedom and privacy online. Proton was born out of a desire to build an internet that puts people before profits, and we're working to create a world where everyone is in control of their digital lives.

Related articles

Even though the Snowden leaks came out 10 years ago, the United States never ended its unconstitutional surveillance program. It now has a chance to close the legal loopholes that allow warrantless spying on US citizens. But Congress needs to act bef
Over the past year, hackers have been using new and clever techniques to steal people’s online data. At Proton, we’ve been monitoring these evolving strategies and updating our defenses to stay ahead of the arms race.  Often, the attacks involve new
password fatigue
Most people in the digital age have dozens, if not hundreds, of passwords, and keeping track of them is tiring, to say the least. If you’re suffering from password fatigue, you’ll be happy to know there’s an easy fix. The short answer is that you sh
are password managers safe?
Password managers are a great way to generate secure passwords, keep them in encrypted storage together with your credit card details, and improve your online security across the board. But you might be worried about keeping so much sensitive data in
Most of us probably wouldn’t consent to sharing photos of our family and friends with random strangers on the internet. But that’s exactly what we do when we automatically sync our pictures to the non-private servers of Big Tech companies, which can
Google Drive is the world’s most popular cloud storage service by far, with over 3 billion people using Google Workspace (which includes Google Drive, Google Calendar, Gmail, and more). But this ubiquity has recently caused concern following several