Proton Technologies continues to propose initiatives aimed at ensuring the transparency of its ProtonMail applications; this week it announced the availability of the source code of its popular ProtonMail iOS app.
“During the initial code review, SEC Consult found seven low-risk vulnerabilities in the reviewed source code and the mobile app,” reads the report published by SEC Consult. “Although issues with certificate validation have been identified within the encrypted communication between the mobile application and the
The vulnerabilities found by the researchers include
In addition to the source code, Proton Technologies has made available some documentation, including its iOS security and trust models, that should make it easier for interested parties to review the code.
“Already there are third-party audits for OpenPGPjs and GopenPGP, our open source cryptographic libraries. Earlier this year, we engaged the renowned security firm SEC Consult to conduct an independent audit of ProtonMail’s iOS application,” reads the blog post published by the company. “We are now making our iOS app open source now that it has been independently vetted. For more information, read the full iOS app audit report.”
“In pursuit of this goal, independent
The company explained that developers are free to implement and build upon the methods that it has documented and published. The contribution of the cyber security community could help the company
In May, the email service ProtonMail was accused of voluntarily offering real-time surveillance assistance to law enforcement.
On May 10, Stephan Walder, a public prosecutor and head of the Cybercrime Competence Center in Switzerland’s Canton of Zurich, was giving a presentation at an event when the Swiss lawyer Martin Steiger live-tweeted from the event that Walder had incidentally mentioned ProtonMail as a service provider that voluntarily offers support to law enforcement.