Private Internet Access (PIA) has announced its decision to open-source its Android VPN app, including the dependencies of the software. As they point out, the decision was made to prove their commitment to privacy and transparency, so they are releasing the code for the FOSS community to review. The repositories containing the source code to the app will be rolled out gradually over the next couple of weeks, starting with the Android OpenVPN repository today. This is in line with the company’s 2018 plan to open-source all of its VPN clients, and follows similar releases for the desktop client (both PC and Apple) and for the Chrome and Firefox extensions.
Three weeks ago, ProtonVPN made a similar move by open-sourcing its software and calling on the Free Software community to look deeper into their code. This definitely builds a trust relationship with the users, and also helps the vendors spot any privacy or security vulnerabilities that may have slipped through the cracks. Sure, appointing firms to conduct audits is a way to find and iron out any issues, but the FOSS community is large, and the benefits of having hundreds or even thousands of people look deeply into your code are undeniable.
So, could this open-sourcing action become a trend in the VPN world? Without a doubt, software likes to follow trends, and we may see other VPN vendors do the same soon. However, we have to ask ourselves how important this is at the end of the day. Client apps are the front-end of a VPN service, so they mean something for us, but they’re not telling the whole story. The back-end, meaning the servers and how the data is handled there, is even more crucial when it comes to security and privacy, and so things aren’t as simple as some may want to present them.
For this reason, Private Internet Access states that their next step will be to develop a verifiable zero access infrastructure and organize random audits of it, so as to prove that nothing shady is going on on their servers. We don’t know exactly what “random” means in this context, but we would surely welcome such initiatives. In our review of the PIA VPN, we gave it a total score of “8.5 / 10”, so it’s a pretty solid option. The deductions were made mainly because of its below-par customer support and inadequate media streaming and torrenting support.