SimpleLogin passes an independent security audit

June 15, 2022 · written by Son

At SimpleLogin, we believe in a transparent and open source model. Most companies rely on security through obscurity. Their code is a black box and you can’t know how secure their service is.

As we deal with emails which contain sensitive data, people need to know how their data is handled. Our code is open source and anyone can read our source code. Being transparent allows any vulnerability to be quickly addressed and also allows us to receive multiple contributions from the community, ranging from fixing an error in the documentation to creating a full feature that everyone can benefit from.

Though SimpleLogin code is written in an easy-to-understand way, not everyone can or has the time to go through all our code, and open source does not automatically mean more secure. For that reason, independent security audits of our software are important for ensuring security.

Recently, we asked Securitum, a leading European security auditing company, to run a security audit on SimpleLogin apps. Securitum currently oversees more than 300 security testing projects every year, including for many top European banks. The security audit includes:

The final report was positive overall, and the only important issue was already addressed. No critical issue or security vulnerability was uncovered. The full audit report for web can be downloaded at web audit result, and the one for the Android app at android audit result.

SimpleLogin wouldn’t be what it is today without the open-source technologies it relies on. The principles of openness are therefore core values for our team. We believe being transparent and open to discussion is the way to create the best product for users.

For any questions or comments about the security audit for SimpleLogin apps, please share them with us on GitHub, Twitter and Reddit.