Proton
illustration of Proton Mail iOS open source

We’re happy to announce that the Proton Mail iOS app is now fully open source. 

We believe in transparency, the power of community, and building a more private and secure future for all. That’s why our web app has been open source since 2015, and it’s why we have contributed to the open source community by maintaining cryptographic libraries for the JavaScript(nové okno) and Go(nové okno) programming languages.

Now we’re taking the next step by open sourcing our iOS app. You can find the code on our Github page(nové okno)

Why open source?

At Proton, security is our overriding priority, particularly because of the many dissidents and activists who use our service. Our emphasis on security extends to all areas of our work, from our use of end-to-end encryption, to the way we engineer our applications. As part of our commitment to security, we are putting all of our software through rigorous, independent third-party audits.

Already there are third-party audits for OpenPGPjs and GopenPGP, our open source cryptographic libraries. Earlier this year, we engaged the renowned security firm SEC Consult(nové okno) to conduct an independent audit of Proton Mail’s iOS application. We are now making our iOS app open source now that it has been independently vetted. For more information, read the full iOS app audit report(nové okno).

Open source provides transparency and accountability to the Proton community. Allowing people to see and review our code increases trust in both the security of the platform and our commitment to develop a more secure and private Internet. By making our code available to the world, and with the help of our bug bounty program, we can leverage the global Proton community to make our software as secure as possible.

Open source at Proton Mail

We strongly believe in open source, and we are committed to open sourcing all of our client software. Our web app has been open source since 2015, and since we made our iOS app open source, we have published the code for our desktop Bridge app, our Android app, and all the Proton VPN apps(nové okno).

This means that all Proton apps that are out of beta are open source.

In addition to making our iOS app open source, we have also documented and published our iOS security model. This is important to us because raw code without documentation can be almost unintelligible sometimes, and a documented security model will assist in rigorous assessment and review of our code by the public. Our iOS trust model(nové okno) is also available on our Github page.

There has been a recent increase in state-sponsored malware attacking iOS, and in some cases specifically targeting Proton Mail users. Our iOS security model also highlights exactly what we are doing to give Proton users a higher level of security compared to typical apps. In particular, we have implemented safeguards which allowed the Proton Mail iOS app to protect against a recent malware targeting Tibetans and Uyghurs (see our security advisory).

Making our code freely accessible to the developer community also encourages innovation in the field of privacy tech. Developers are free to implement and build upon the methods that we have documented and published. We believe that when developers work together to solve real-world privacy challenges, everyone benefits, and we hope that the publication of our code will result in safer and more robust iOS apps.

We’re excited to share our code, and we look forward to hearing your feedback on Github or directly via email at contact@proton.me.

Best Regards,
The Proton Mail Team

You can get a free secure email account(nové okno) from Proton Mail here.

We also provide a free VPN service(nové okno) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan. Thank you for your support.

Související články

A computer monitor, a box of case files, and a lock representing law firms that protect their information security
en
A simple guide to law firm cybersecurity. See how to protect business and client data, prevent breaches, and stay compliant with encryption.
The cover image for a Proton Pass blog about brushing scams, which shows a package with a warning sign above it
en
A brushing scam means your personal data has leaked online. Learn how to protect yourself with hide-my-email aliases and dark web monitoring.
An encryption lock breaking
en
Apple turned off its end-to-end encryption in the UK in response to a government notice. We look at what this means and how people in the UK can protect their data.
Image showing Google, Apple, and Meta as apps that allow surveillance
en
Big Tech companies - Apple, Google, and Meta - have built a mass surveillance machine that the government can easily tap into.
Proton symbol for protecting user privacy after Apple disabled ADP in the UK
en
Apple dropped ADP for UK users, leaving data unprotected by end-to-end encryption. See why E2EE matters and how to keep your data safe.
The cover image for a Proton Pass blog about how to find your saved passwords on Android, which shows a phone screen, an Android icon, and three password fields
en
If you're using an Android device, here's how you can find the saved passwords on your phone and how Proton Pass can help you organize them more securely.