Add a "Secure development" section to main README

Starts explaining how we work with secure development. Far from done,
but it's a start. This now includes the section about external audits.
Linus Färnstrand
2026-02-10 16:38:42 +01:00
parent 7511b16bd4
commit 59ad11745c


@@ -71,7 +71,7 @@ the current state of the latest code in git, not necessarily any existing releas
[DAITA]: https://mullvad.net/en/blog/introducing-defense-against-ai-guided-traffic-analysis-daita
## Security and anonymity
## User security, privacy and anonymity
This app is a privacy preserving VPN client. As such it goes to great lengths to stop traffic
leaks. And basically all settings default to the more secure/private option. The user has to
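Review bot: renaming the heading from "Security and anonymity" to "User security, privacy and anonymity" changes the generated anchor, so any links into `#security-and-anonymity` from other docs in the repository (docs/security.md, the audits readme, platform READMEs) will silently break; grep for the old anchor and update those links in the same change.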
@@ -80,6 +80,35 @@ on what the app blocks and allows, as well as how it does it.
[dedicated security document]: docs/security.md
## Secure development
Since the security of the users of the app is a top priority, by extension the security
of the development and release process also becomes a top priority. This is something we work
actively on.
[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9411/badge)](https://www.bestpractices.dev/projects/9411)
### Git signatures
All merge commits to the main branch must be PGP (gpg) signed in git. This signs off the entire
feature branch. The individual commits in the feature branch do not need to be signed,
unless they change one or more of the files deemed extra important.
The list of files requiring signatures to every commit that change them is defined in the
[`verify-locked-down-signatures`](.github/workflows/verify-locked-down-signatures.yml)
workflow.
### Audits, pentests and external security reviews
This app is audited by external security experts and penetration testers every second year.
We also carry out feature specific audits for certain security critical features and changes.
The results of these audits are always made public in their unredacted original form, for
full transparency towards the users. See the [audits readme](./audits/README.md) for this.
Moreover, we welcome any individual to review the security of this app and submit any found
issue to us. See [SECURITY.md](SECURITY.md) for more.
## Checking out the code
This repository contains submodules needed for building the app. However, some of those submodules
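Review bot: the sentence "This signs off the entire feature branch" overstates what a signed merge commit guarantees; a signature on the merge commit binds the merged tree and parent hashes to the signer, but it does not make the individual feature-branch commits signed or reviewed, which is exactly why the next sentence needs the `verify-locked-down-signatures` exception. Consider wording it as "This attests to the merged result" and, while here, fix "The list of files requiring signatures to every commit that change them" to "that changes them". It would also help readers to say where the set of accepted signing keys is maintained (presumably in the same workflow), since signature checks are only as strong as the key list they are verified against.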
@@ -98,8 +127,9 @@ git submodule update --init wireguard-go-rs/libwg/wireguard-go
```
Further details on why this is necessary can be found in the [wireguard-go-rs crate](./wireguard-go-rs/README.md).
We sign every commit on the `main` branch as well as our release tags. If you would like to verify
your checkout, you can find our developer keys on [Mullvad's Open Source page].
We sign every merge commit to the `main` branch as well as our release tags.
If you would like to verify your checkout, you can find our developer keys on
[Mullvad's Open Source page].
### Binaries submodule
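Review bot: the new text ("every merge commit to the `main` branch") now duplicates what the added "Git signatures" section says, leaving two places to keep in sync; consider replacing the sentence here with a short pointer to that section and keeping only the checkout-specific part (where the developer keys are found). It would also be worth stating how to actually verify, since "you can find our developer keys" does not tell a reader to run `git verify-commit` on a merge commit or `git verify-tag` on a release tag after importing those keys.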
@@ -433,11 +463,6 @@ For instructions specific to the Android app, see [here](./android/README.md).
For instructions specific to the iOS app, see [here](./ios/translation/README.md).
## Audits, pentests and external security reviews
Mullvad has used external pentesting companies to carry out security audits of this VPN app. Read
more about them in the [audits readme](./audits/README.md).
# License
Copyright (C) 2026 Mullvad VPN AB
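Review bot: the removed paragraph only said that external pentesting companies "have" audited the app, whereas the replacement section under "Secure development" commits to a cadence ("every second year") and to publishing results "always ... in their unredacted original form"; before merging, confirm both claims are backed by what is actually listed in the audits readme, because a README statement that is stronger than the published record undermines the transparency it is meant to demonstrate.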