Dashlane announced it had made the source code for its Android and iOS apps available on GitHub under the Creative Commons Attribution-NonCommercial 4.0 license.
The popular subscription-based password manager and digital wallet has decided to release the code of its mobile apps to increase transparency about how they operate, while also promoting a more collaborative and open development approach going forward.
“Transparency and trust are part of our company values, and we strive to reflect those values in everything we do. We hope that being transparent about our code base will increase the trust customers have in our product.” – Dashlane.
“We also believe in a more open digital world in which developers can easily participate and connect with each other. This is our contribution to this ambition and another step in that direction,” adds the announcement.
By making its mobile apps' code available to anyone for exploration and auditing, the company hopes to receive feedback from the community on improving it, as well as more security vulnerability reports from cybersecurity researchers.
The password manager maker says this “opening up” will also incentivize its engineers to “level up” the quality of the code and make it suitable for the masses to read and understand.
Dashlane plans to update these code snapshots on GitHub every three months, but it might do it more frequently if the associated processes are enhanced accordingly.
Those interested in taking a look can find the Android app code and the iOS app code in Dashlane's repositories on GitHub.
Why does this matter?
Open-sourcing software means making its code available to anyone for scrutiny, inherently increasing trust in the product.
Moreover, it gives software engineers another example of how things are done, which is especially important when this example comes from a successful project.
Finally, security researchers can dive into the code and see if they can find any issues Dashlane’s core team has missed. The password manager has an active HackerOne program paying bounties of up to $5,000 for critical flaws, so bug hunters can engage immediately.
However, it’s important to note that Dashlane has not transitioned to becoming an open-source project overnight, and for the time being, no direct contributions from the community can be accepted. Suggestions will still be welcomed and listened to, though.
We should also clarify that the source code release concerns only the client apps for Android and iOS, so the macOS and Windows clients remain closed-source.
It’s also worth noting that while the source code for the mobile client applications has been made publicly available, a significant portion of the password management system operates on Dashlane’s servers and has not been released. This means that a substantial part of the product remains proprietary.
This, of course, does not degrade the importance of this first step taken by Dashlane, and the software vendor has already promised that more will follow.
The next product to be open-sourced, according to Dashlane, is its web browser extension, but this will happen after it has fully transitioned to meeting the Google Chrome MV3 requirements.
Source: www.bleepingcomputer.com