Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

ProtonMail shoves its iOS app's source code on GitHub for world+dog to rummage around in

Let's all have a code audi- oh, wait, they did that already

Encrypted email biz ProtonMail has open-sourced the code for its iOS app, having paid for a code audit that says there's nothing wrong with it.

Having touted itself for years as the choice of political activists, journalists, dissidents and all the other types of people who make the world a better place, ProtonMail is throwing some of its virtual doors open to convince a largely sceptical world to get with the programme.

This is in no way related to its denials back in May that it was providing voluntary real-time surveillance access to state agencies.

"Most apps," the firm intoned in a statement today, "do not protect data in situations where the device or phone itself has been infected," going on to claim that it is capable of protecting one's emails even in situations where the device has been compromised by malware, which is a bold claim to make.

Andy Yen, founder and chief exec, grandly declared in a canned quote: "We have a responsibility to protect our users and we constantly improve our protections to keep them safe from the latest malware developments. We hope that through documenting and open sourcing our iOS code, the techniques to defend against attacks can be more widely known and utilized, contributing to a safer mobile ecosystem."

ProtonMail said the code dump, visible on GitHub, has been pre-audited by Austrian infosec bods SEC Consult.

The company added that its "Appkey" tech is the secret sauce that encrypts iOS users' emails. This and the open-sourcing was said to be inspired by the so-called Poison Carp malware, which targeted Tibetan dissidents in a similar manner to how Chinese state authorities had been using malware to steal data from the devices of the Xinjiang region's persecuted Uyghur ethnic minority.

Whether or not you trust ProtonMail's tech, the firm doesn't shy away from pissing off state authorities in countries that see freedom as a threat. Earlier this year Russia shut off access to the service from its shores, alleging it was being used by "terrorists" whose main aim was to send each other disparaging messages about a Russian university sports competition.

Last year the current Turkish regime also blocked ProtonMail, ineptly enough for locals to get around it by simply using a VPN. ®

 

Similar topics

TIP US OFF

Send us news


Other stories you might like