Dashlane’s Mobile Code Now Publicly Available
We are proud to announce that we’ve made the source code of the Dashlane Android and iOS applications publicly available!
If you’re interested in taking a look at how it all works, you can find the code for Android and iOS on the Dashlane GitHub account under a Creative Commons Attribution-NonCommercial 4.0 license.
We plan to update these projects on a quarterly basis, and we might update more frequently in the future as we improve our internal capabilities and processes.
What can you do with the code?
The main benefit of making this code public is that anyone can audit the code and understand how we build the Dashlane mobile application. Customers and the curious can also explore the algorithms and logic behind password management software in general. In addition:
- Business customers, or others who are interested, can better meet compliance requirements by reviewing our code.
- Android or iOS engineers, whether they’re job candidates or just curious, can share thoughts about our code—we always love to hear feedback.
- White-hat hackers can test their skills and leverage the code to find vulnerabilities or security issues. (If you do happen to find something, report it on our HackerOne Bug Bounty program.)
While we are not yet in a position to accept contributions to the code, we aspire to let external contributors suggest improvements directly in GitHub in the future. That will require another level of internal organization.
We took the first step of making the source code available knowing that this is just the start of the journey, and we’re excited to share more as soon as we can. However, you won’t be able to build your very own Dashlane with this code—we’re sharing the recipe, but we had to leave out a few of the ingredients that make it our own.
Why did we decide to make our source code available?
Transparency and trust are part of our company values, and we strive to reflect those values in everything we do. We hope that being transparent about our code base will increase the trust customers have in our product.
We also believe in a more open digital world in which developers can easily participate and connect with each other. This is our contribution to this ambition and another step in that direction.
There’s also an internal side benefit to sharing our code base publicly: it forces our engineering team to level up on the quality of the code, to make it cleaner, and to ensure it’s readable. We would not want to share code we cannot be proud of, even though all code includes some level of tech debt and legacy content.
What work went into this project?
Getting the code ready for public exposure required quite a bit of work. We had to clean up comments, and we also had to build the automation to generate the publicly available code package. This involved identifying and stripping internal content, such as the specifics used to publish the application as well as integration and UI tests.
From there, our security team audited the code to make sure everything was ready for the public. Finally, we prepared dependency checker tools in GitLab to facilitate auditing. After all that work, we released it to the world.
What’s next?
We’re looking forward to feedback from our customers and the technical community about our mobile code. Dashlane is always looking for new ways to improve and iterate, and we hope this will be an opportunity to gain additional perspective and continue to polish the quality of our mobile applications.
In the future, we are planning to make the code base of our web extension available. But since we’re going through a significant migration at the moment due to Google Chrome MV3 requirements, we want to complete that effort before making the extension code publicly available.
Eventually, we will allow other developers to contribute actively and participate in the development of Dashlane. In the meantime, however, we will keep making our source code public for relevant Dashlane projects as we have done in the past. A recent example is our post-quantum cryptography exploration. You can also check out our developer resources.