Protect Your Passwords Like Never Before with Dashlane's Mobile Apps Source Code Release
Dashlane Password Manager has released the source code of its iOS and Android apps. Interested users and developers may check the code that are now available on GitHub.
Dashane Password open sources its mobile apps
In case you didn't know, Dashlane debuted in 2012, for Windows and Mac as a commercial service. Making its apps open source doesn't let you use it for free, you will still require a subscription for your account. The point of releasing the source code is transparency on the company's part, to help users, developers, and potential business users (sys admins) study the code, and understand how it works.
TechCrunch reached out to Dashlane with some questions to which the company had responded saying that the source code for the apps have been released for auditing purposes. Code reviewers and skilled developers may analyze the quality of the source code that has been published, to check for vulnerabilities, security issues, and offer suggestions on the GitHub pages.
The downside to this is that third-party developers will not be able to add their code to the projects. This is very important, for example, the efforts of an individual developer made it possible for Bitwarden to merge their pull requests ti add support for Argon2. Such contributions are not possible for Dashlane's apps at the moment, but the password manager service says that it plans to allow developers to contribute and participate in the development of its apps.
In what seems like a rather unusual decision, Dashlane has opted for a Creative Commons license to open source the code. To be more specific, the code has been released under the Creative Commons Attribution-NonCommercial 4.0 license (used for media rights), instead of GNU General Public License (GPL), Mozilla Public License (MPL), etc., that software are normally licensed under.
The Creative Commons license terms allows users to share, i.e, copy and redistribute the code, but it forbids them from using it for commercial usage. That shouldn't be too much of a problem, except the source code for Dashlane's apps are not availanle in their complete form. The company stats that some important parts are missing. This was intentional, and part of the process in which it plans to publish the code. While that's not exactly great, it is a first step in the right direction.
However this also means that we cannot expect a fork of Dashlane's apps anytime soon. Dashlane has confirmed that it will release the source code of its web extension in the future, after adding compatibility for Google's Manifest V3. While the official announcement didn't specifically mention this, the source code of its Mac and Apple Watch apps have been published on GitHub too. Refer to Dashlane Android apps, and Apple apps on Github for the source code.
It's good to see password managers taking up their security more seriously, especially in the wake of recent incidents such as Norton Password Manager attack, the LastPass data breach. Well, at least it contributed to the greater good. Then again, no cloud-based password manager is truly safe, hackers are now trying to trick Bitwarden and 1Password users with phishing scams to harvest their usernames and passwords. The hackers did so with the help of malicious ads that they placed on Google's search results.