Open source app published on F-Droid
We are happy to announce that everyone can get the Tutanota Android app from F-Droid. Publishing the app on F-Droid was a challenge, but it was definitely worth it. To date, no email service has published their Android app on F-Droid, the number one platform for free and open source apps.
Most email services rely on Google’s GCM (now FCM) for push notifications, which make an F-Droid release impossible. If you search F-Droid for email apps, you will not find one app of a known email service, except for Tutanota, which - to be honest - makes us a bit proud.
Get an open source email app - guaranteed Google-free
With the app release on F-Droid, Tutanota now proves that it is possible to build a secure email service that is completely Google-free, giving people a real open source alternative to data-hungry services such as Gmail, Yahoo, and GMX.
"We are happy to see how enthusiastic Tutanota is about F-Droid and free software, having rewritten their app from scratch so it could be included. Furthermore, they take special measures to avoid tracking you, and the security looks solid with support for end-to-end encryption and two-factor authentication", says the F-Droid team.
Why is being Google-free so important?
Google-free can not simply be achieved by quitting Gmail. Most email services rely on Google products: FCM for push notifications, Google Captcha or other dynamically loaded third party code.
If a client uses external services such as Google Push or Google Captcha, it is always possible for them to track user activity and collect personal information. When a provider trusts such a service so that it downloads and executes code dynamically, this opens an attack vector for malicious code injection. This could happen without the provider noticing.
Trusting third party code is a severe security threat that must not be underestimated: If Snowden had used a service with third party code, the NSA would not have needed to subpoena said service. They could simply ask Google or any other service providing code for said service to inject a snippet of code that logs the login password when the person signs in the next time.
What Tutanota does to guarantee maximum security
We at Tutanota make sure that the Tutanota application does not address other applications and does not load and execute external code from other services. Instead of relying on other services like Google Captcha, we prefer to build our own open source solution.
We use code from other open source libraries in Tutanota, but these are statically coded into our application, and we make sure that these applications can not load code. To protect your privacy to the maximum, we have implemented the following measures:
- No usage of external services such as Google Captcha
- No usage of Google libraries in the Android app (no Google Push)
- Using our own push notification system
- No reloading of external code from other libraries
- Reviewed all implemented open source libraries
- Using strict Content Security Policy header (CSP)
- Using an HTML sanitizer for showing unknown content (in emails) to prevent XSS-attacks
- By default, no external content is loaded from other servers (pictures and videos in your emails)
- Built our own secure desktop clients instead of allowing Pop/IMAP
Focus on privacy, security and ease-of-use
From its early days, Tutanota has been published on GitHub as open source, licensed under GPLv3.
We build Tutanota to establish a secure alternative to mainstream email services like Gmail, GMX and Yahoo that spy on their users. Quitting Google is not easy, but the effort is worth it: You will regain control over your data. When you use services like Tutanota's fully encrypted mailbox, you own your data - no one else can access it.
And, of course, when it comes to quitting Google, F-Droid is one of the most important platforms you’ll need as this is the best place to get Google-free Android apps with automatic updates.
Updating our open source apps to fully get rid of Google
Our Android and iOS apps have been published as open source from the start. The original Tutanota Android app has been built based on Cordova, which in the past made it impossible to publish it on F-Droid because the F-Droid servers could not build the app.
Not being able to publish our Android app on F-Droid was one of the main reasons we started to re-build the entire Tutanota web client. We are privacy and open source enthusiasts, we ourselves use F-Droid. Consequently our app must be published there, no matter the effort.
In the past year, we have completely re-build our mail client and published the new mail client with lots of enhancements in public beta. The new client is much faster, comes with a better design, enables search on encrypted data, supports 2FA and auto-sync, and it is not based on Cordova anymore.
This update finally makes it possible to publish the brand-new Tutanota Android app on F-Droid!
Tutanota enables you to quit Google
We are very excited about this release, not only because of the new features, but most of all because the new Android app finally comes without any ties to Google services. To us this update was very important as it makes Tutanota the best open source email service.
We encourage our users to leave Google behind - offering a Google-free Android app, therefore, is a minimum requirement that we demanded from ourselves.
We are very happy that we can now get our own app from F-Droid, and we recommend that you get it from F-Droid as well. :)
If you love open source as much as we do, join us on Mastodon, our favorite open source social network.
Help us to build the best open source email service!
At Tutanota we are a passionate team of privacy and open source advocates.
We are always on the lookout for developers to join our team. We are committed to sustainable growth and invest all income generated from selling Tutanota into our team. We want to make sure that everyone joining our team is as passionate about privacy and open source as we are.
With the entire team sharing our vision of a private and secure Internet, it is much easier to prioritize development steps such as publishing the Android app on F-Droid or building a desktop client with built-in encryption.
Published on GitHub since 2014
Going open source was one of the most important steps for our secure email service Tutanota. Publishing the Tutanota code on GitHub shortly after our initial release of Tutanota, gave us a great push back in 2014 because many people started building the Tutanota client locally.
Since most people being active on GitHub are developers themselves, they gave us very valuable feedback on how to improve Tutanota and its security.
We want many more people to watch our code and to build it locally. We are convinced that it is crucial for any secure email service that the community digs deep into the code to further improve its security.
After our open source release in September 2014, we have added many improvements to Tutanota. We have implemented DANE support, which immensely enhances the security of SSL. We have build an Android and an iOS app, and published these as open source apps as well.
We would have loved to add our open source Android app on F-Droid right then as well. Unfortunately, as described above this was not possible at the time so we focused on improving the Tutanota email client and the app features. However, we know that many of our users do not want to use Google - for a very good reason - so we made the app available on our website as well.
We were able to publish the apps around Christmas 2014, and it was a great feeling receiving so many thank-you emails at this time of the year! Only a few months later, we added an extended version of Tutanota for only €1 per month, which is constantly growing in features. This now enables us to keep Tutanota running independently.
Join our open source translation project
Shortly after the open source release, we also started a translation project for Tutanota. By now around 180 volunteers have joined and translated Tutanota into more than 30 languages. This support is simply amazing!
It shows us that a secure email alternative is needed around the world, particularly in countries where people lack freedom of expression and a right to privacy. We are constantly adding languages to Tutanota, and we are happy about everyone who wants to join the Tutanota translation project.
We have planned many more features to improve your open source email service. We are very happy about all the feedback we receive in our community forum so that we can decide better what to prioritize.