Dashlane, the subscription-based password manager, has released the source code for its Android and iOS apps on GitHub under the Creative Commons Attribution-NonCommercial 4.0 license. The move is aimed at promoting transparency in the company’s operations and a more open development approach.
By making the code accessible for exploration and auditing, the company is hoping to receive feedback from the community for improvement and increased security vulnerability reports from cybersecurity researchers. Dashlane believes that this step will also encourage its engineers to improve the quality of the code and make it more accessible to the public. The code will be updated on GitHub every three months, but this frequency may change if the processes are improved.
Open-sourcing software increases trust in the product and provides a learning opportunity for software engineers. Additionally, security researchers can examine the code and report any issues that may have been missed by Dashlane’s core team. The company also operates an active HackerOne program that offers bounties of up to $5,000 for critical flaws.
However, it’s important to note that, at this time, direct contributions from the community will not be accepted by Dashlane. The source code release only pertains to the Android and iOS client apps and the source code for the macOS and Windows apps remains closed-source. Additionally, a significant portion of the password management system operates on Dashlane’s servers and has not been released, making it a proprietary product.
This is just the first step taken by Dashlane towards open-sourcing its products and the company has promised more will follow. The next product in line to be open-sourced is the web browser extension, but this will only happen after it meets the Google Chrome MV3 requirements.