ProtonBlog

New Proton Drive mobile apps are open source 

Share this page

We’re excited to announce that we’ve open-sourced the Proton Drive Android and iOS apps’ code. This means the code for all Proton apps out of beta, including all Proton Drive apps, is now available for anyone to examine. You can verify for yourself that these are doing exactly what we claim. 

You can find the code for the Proton Drive mobile apps on the Proton Drive apps GitHub(new window).

The code for every Proton Mail and Proton Calendar app, as well as the Proton Drive web app is on the Proton Mail GitHub(new window)

You can find the code for all Proton VPN apps on its GitHub page(new window)

Security through transparency

As an organization founded by scientists who met at CERN, we believe this level of transparency is not only essential to earning the trust of the Proton community, but it’s also how progress is made. By publishing our apps’ code, we make it available to the online network of security experts and white hat hackers. 

Their close scrutiny of our apps, which we incentivize through our Bug Bounty Program, ensures that any potential vulnerabilities are swiftly discovered and resolved. This approach of ‘security through transparency’ translates to better security and privacy for your personal information. 

Proton Drive apps have passed independent security audits

As part of making the Proton Drive mobile apps open source, we also subjected them to an independent security audit by Securitum(new window). Securitum is a respected European IT security company that has conducted security audits and tests for many of Europe’s largest companies. 

These reports allow you to get an expert assessment of our apps’ security if you don’t have the time or inclination to examine the code for yourself.

According to their report, Securitum found no outstanding vulnerabilities in our Android or iOS apps.

Read the security audit for the Proton Drive iOS app(new window)

Read the security audit for the Proton Drive Android app(new window)

You can also find the latest security audit reports for all Proton services on our community page explaining why we prioritize open-source code.

A better internet begins with open source 

We’ve been supporters of the open-source community ever since we made the Proton Mail web app open source in 2015. 

We maintain two of the most popular open-source cryptographic libraries, OpenPGP.js(new window) and GopenPGP,(new window) that make it easier for more developers to add secure encryption to their own apps and secure more data. 

We’ve also contributed to multiple open-source projects over the years through our Lifetime Account Charity Fundraiser, including WireGuard(new window), Qubes OS(new window), GrapheneOS(new window), and Tails(new window).

We believe this system of open development and peer review leads to better, more secure programs that keep all of our information secure. Thank you to the Proton community for enabling our work, and we invite you to contribute to our code yourself on GitHub. 

Keep your files private, share them securely
Get Proton Drive free

Share this page

Anant Vijay

Anant is the senior product manager on Proton Drive. Before joining Proton, he had over 5 years of experience building tech product with majority of that time spent working in Silicon Valley. He holds master's degree in business from the Warwick Business School in the UK.

Related articles

Last week, the Spanish Presidency of the European Council delayed a vote regarding the Council’s position on the controversial Child Sexual Abuse Regulation (CSAR) due to a lack of consensus over the issue of encryption, among others. This proposed r
At Proton, we’re always working on new and innovative ways to protect the privacy and data of the Proton community. Sometimes that means developing entirely new services, like our Proton Sentinel program, which combines AI and human security analysts
How to unsend an email in Gmail, Outlook, Proton Mail, and Apple Mail
“Undo Send” gives you a chance to stop an erroneous message you’ve just sent. We’ve all done it. You hit Send on an email only to spot you’ve misspelled someone’s name, forgotten an attachment, or accidentally sent a cringing joke to half your conta
Google has already taken privacy washing to the extreme by trying to brand itself as “privacy focused”, even though its business model is based on surveillance.  Lately, the company’s marketing strategy has turned toward outright Orwellian doublespe
Last week, the UK government made a statement in the House of Lords acknowledging that portions of the controversial Online Safety Bill might not even be technically enforceable without breaking end-to-end encryption. This rightly received a lot of a
What is email spoofing?
Email spoofing is a technique attackers use to make a message appear to be from a legitimate sender — a common trick in phishing and spam emails. Learn how spoofing works, how to identify spoofed messages, and how to protect yourself from spoofing a