Clarifying ProtonMail and Huawei

As there has been a lot of inaccurate information circulating online about ProtonMail and Huawei, the purpose of this blog post is to clarify the facts and provide information to the Proton community.

Background

On September 5th, 2019, we announced that we would be bringing ProtonMail to the F-droid alternative app store as part of our push to support alternative distribution channels in addition to Google Play, for users that either don’t want to, or can’t use Google. In our announcement, we mentioned 3 other alternatives that we are considering to support (these are being considered, so a final decision has not been made). The other options listed were the Samsung Galaxy Store, the Amazon App store, and the Huawei AppGallery.

This part of our announcement caught the attention of Bloomberg who published an article on September 6th that ProtonMail was in talks with Huawei about a potential partnership. In the past 48 hours, this story has gained a significant amount of traction online, but unfortunately, it has also been misinterpreted by many people. Because of that, we would like to add some clarifications.

What is ProtonMail discussing with Huawei?

As stated above (and also in our original post), our discussions with Huawei are about continuing to make ProtonMail available to users who have Huawei devices. Today, ProtonMail is already available on Huawei, as our Android app is distributed on Huawei devices through the Google Play store, so in terms of supporting Huawei devices, there is no change from the current situation.

What is changing is that in addition to making ProtonMail available to Huawei users through Google Play, we may also make ProtonMail available through the Huawei AppGallery.

Why support Huawei AppGallery?

Today, there are already hundreds of thousands of people using Proton services on Huawei devices through Google Play. However, due to an ongoing dispute between the US and China, it is possible that all Huawei devices globally (not just the devices in China) would no longer have access to the Google Play store, making it impossible for Huawei device users to download or update the ProtonMail app. As Huawei devices are especially popular in developing countries where Proton has many users (Huawei is the world’s second largest mobile device manufacturer), publishing on the Huawei AppGallery could become essential to continue supporting these user communities.

Note, unlike what some have alleged, this does not indicate a shift in current policy, as today, we already offer support for Huawei devices. This is therefore, a question about whether or not we will continue to support Huawei devices going forward.

Will supporting Huawei devices put ProtonMail under Chinese control?

First, we want to reiterate that regardless of our decision regarding Huawei AppGallery, there is no change today as it is already possible to use ProtonMail with a Huawei device. Thus, the actual question is: “to what extent can China influence companies which offer services to its citizens?”. The answer to this question is completely independent from Huawei AppGallery.

The applicable Chinese law is the China Internet Security Law which came into force in 2017. The law essentially stipulates that foreign companies which operate in China and process the private information of Chinese citizens, must store such data in China and make it available to Chinese authorities upon request. An example of a company which has had to comply with this law is Apple, which has extensive operations in China. A similar law went into effect in Russia back in 2015 (known as Federal Law No. 242-FZ).

Proton does not have offices, employees, subsidiaries, or any permanent establishments in China or Russia, and as such, we do not fall under the scope of these laws, nor can these laws be enforced against us. However, this does not mean that authorities in these countries would not try to enforce the laws anyways. Indeed, this is what happened in Russia in 2018 when the Federal Service for Supervision of Communications (Roskomnadzor) attempted to apply the law to ProtonMail, with the threat of being banned from Russia if we did not comply.

Proton’s position on this is clear, and has never wavered from day one. As a Swiss company, when it comes to the data of Proton users, we will only comply with the laws of Switzerland, the jurisdiction of our headquarters and where all of our servers are located. As we have always consistently stated in our term and conditions and privacy policy, any requests which fall outside of Swiss law will be politely refused. That is not to say that we ignore law enforcement requests from Russia or China and provide a safe haven for criminals, its just that we require all matters regarding Proton users to be adjudicated in Switzerland, with the full protection of Swiss law.

Is it safe to use ProtonMail on Huawei devices?

As with any question of safety, the answer depends primarily on your threat model and who you trust. Depending on the user, Google may be more trustworthy than Huawei or vice versa, or perhaps both Google and Huawei are untrustworthy. The fact remains that Google’s Android OS powers 87% of mobile devices, and Huawei is the world’s second largest mobile device manufacturer, thus, these near monopolies are not avoidable for many people. We are committed to growing the Proton ecosystem to eventually offer a safe and private choice to everyone, fully independent from these monopolies, but even then, we cannot and should not eliminate user choice lest we become a monopoly ourselves.

With regards to the concerns that many in the ProtonMail community may harbor (and which we also share to some extent), we believe that adding a second distribution model on Huawei devices in addition to Google Play, isn’t inherently more or less secure with regards to the risks of Chinese spying. Mobile device security is intimately connected to the preloaded operating system, so whether it is Apple, Samsung, Google, or Huawei, regardless of how you download your apps, you are also relying on your device manufacturer to safeguard your privacy.

Another way to say this is, only you can decide if you trust Huawei or not, and if you don’t trust Huawei, don’t use a Huawei device, and don’t download ProtonMail from Huawei AppGallery. We just don’t think it makes sense to preemptively drop support for users who may not have a choice in this matter.

What about China’s policies and human rights violations?

At ProtonMail, Swiss neutrality is one point that we take a lot of pride in. However, our views about human rights, online freedom, and democracy are well known. Words are empty in this regard, so we would prefer to let some of our past actions speak for themselves.

In the past years, we have trained journalists at the Second Asian Investigative Journalism conference, developed one of the world’s most widely used open source encryption libraries, and helped force a nationwide referendum on Swiss surveillance laws. We’ve spoken about privacy at TED and at a United Nations conference about combating terrorism while protecting human rights online. We recently worked with Reporters Without Borders Berlin to sponsor a scholarship program for journalists, and also provided funding for the largest independent news outlet in Belarus.

There are not many who believe more strongly in privacy and freedom than us. Just like our support for Google Play does not mean that we agree with Google’s position on privacy (in fact, we have condemned it strongly), supporting Huawei does not imply that we agree with China’s position on a number of issues. Our goal has always been to make privacy accessible to as many people as possible, and we just don’t think that goal is best served by cutting off support for the hundreds of millions of people who use Huawei devices.

Conclusion

We hope this offers more clarification and context to the community about this matter. As per our usual policy of full transparency, any decision that is made will always be announced to the Proton community on this blog. We welcome also your input in the comments below or on social media.

Best Regards,
The ProtonMail Team

The post Clarifying ProtonMail and Huawei appeared first on ProtonMail Blog.



*** This is a Security Bloggers Network syndicated blog from ProtonMail Blog authored by Andy Yen. Read the original post at: https://protonmail.com/blog/clarifying-protonmail-and-huawei/