ProtonMail shoves its iOS app's source code on GitHub for world+dog to rummage around in

Let's all have a code audi- oh, wait, they did that already


Encrypted email biz ProtonMail has open-sourced the code for its iOS app, having paid for a code audit that says there's nothing wrong with it.

Having touted itself for years as the choice of political activists, journalists, dissidents and all the other types of people who make the world a better place, ProtonMail is throwing some of its virtual doors open to convince a largely sceptical world to get with the programme.

This is in no way related to its denials back in May that it was providing voluntary real-time surveillance access to state agencies.

"Most apps," the firm intoned in a statement today, "do not protect data in situations where the device or phone itself has been infected," going on to claim that it is capable of protecting one's emails even in situations where the device has been compromised by malware, which is a bold claim to make.

Andy Yen, founder and chief exec, grandly declared in a canned quote: "We have a responsibility to protect our users and we constantly improve our protections to keep them safe from the latest malware developments. We hope that through documenting and open sourcing our iOS code, the techniques to defend against attacks can be more widely known and utilized, contributing to a safer mobile ecosystem."

ProtonMail said the code dump, visible on GitHub, has been pre-audited by Austrian infosec bods SEC Consult.

The company added that its "Appkey" tech is the secret sauce that encrypts iOS users' emails. This and the open-sourcing were said to be inspired by the so-called Poison Carp malware, which targeted Tibetan dissidents in a similar manner to how Chinese state authorities had been using malware to steal data from the devices of the Xinjiang region's persecuted Uyghur ethnic minority.

Whether or not you trust ProtonMail's tech, the firm doesn't shy away from pissing off state authorities in countries that see freedom as a threat. Earlier this year Russia shut off access to the service from its shores, alleging it was being used by "terrorists" whose main aim was to send each other disparaging messages about a Russian university sports competition.

Last year the current Turkish regime also blocked ProtonMail, ineptly enough for locals to get around it by simply using a VPN. ®

