Is Olvid Open Source?


A technology fully open for review and a code open for some to start with

  1. Our cryptographic protocols are fully available and published here.

  2. In addition, they have been formally and independently validated by Michel Abdalla, an Adjunct Professor at ENS (École Normale Supérieure - PSL), CNRS Senior Researcher and Chairman of the Board of IACR (International Association for Cryptologic Research).

    • The full source codes have been made available to Mr. Abdalla so that he can validate the protocols as they are actually implemented.

    • The article formalizing his results is published in this IACR ePrint.

  3. Olvid is the first and only instant messenger to have received one (then two!) Security Visas (CSPN certifications) issued by ANSSI.

    • The iOS and Android versions of Olvid have received these CSPNs following an audit by Synacktiv. This ITSEC (Information Technology Security Evaluation Center) received and evaluated the complete source code of Olvid’s iOS and Android clients

    • Security scope, certification reports and ANSSI certificates are available here for iOS and here for Android.

    • In a rare move for transparency, we are also publishing the two Technical Evaluation Reports (fr) produced by the excellent team at Synacktiv :

  4. In addition, Olvid’s code is currently the subject of a public Bug Bounty program via the Yes We Hack platform. This means that we have officially allowed hunters (attack experts) to attack our iOS and Android implementations of Olvid. If a flaw is discovered, we fix it and pay the victorious hunter. This makes Olvid more secure, the hunter is happy, life is good 🌈.

Open source code to all this year

  • Olvid’s code is currently not open source and open to all. But this is only a matter of time and one of our priorities for 2021. We will reach this milestone when the Olvid development team is able to audit and reply to all pull requests.