Safer Apps


"Safer Apps" is a certification program by the non-profit AtomJump Foundation to encourage a new level of app safety.

Below we've shown a selection of "Safer Apps", which meet both criteria for this program:

1. Being "open source" (i.e. the software innards are transparent, and open to peer-review)
2. They run in a standard web browser interface (which means they stream to your computer in a safer "plain text" format, rather than as a "binary")

You may want to Expand the picture to explore the apps.
Why did we call this program "safer apps" rather than "safe apps"? Because, depending on how you define "safe", no app can ever be 100% "safe". There is always some level of security or enhancement needed to make an app safer. Therefore, it can only ever be an aspirational goal: which is why we've gone with the term "safer apps".

Safety Definition

Let's define what 'safe' means, as it can mean several things:

Definition
1. There is no level of "lock-in", or control, that the developer is trying to have over you by using their app. The acid test: If the app developer went out of business today, would you be stuck?
2. Your private data stays private, and your personal, public data is not abused for commercial gain.
3. The app cannot misuse your personal hardware e.g. your phone's camera, or microphone, in unexpected ways.
4. Hackers cannot gain access to your personal data or device. This issue is an ongoing challenge for app developers, and the battle is never 100% won, but there are important steps which can be taken to help improve security.
5. If there is any level of group discussion in the app, you can feel "safe" in the knowledge that you will not be verbally abused online. And yet you should still feel "safe" to be able to express a reasonable opinion. Your physical safety should also not be compromised.
We believe for an app to achieve the highest level of safety there are two crucial factors, which also form the requirements to be a part of this program:
Criteria 1
The 'front-end' app that you put on your device is a 'Progressive Web App', meaning that it looks like an 'app' on your device home screen, with it's own icon, but it actually runs in your web browser when it is opened. These types of app come across to your phone in 'plain text', and are not a 'binary' file that could potentially be doing almost whatever it likes on your device.
Criteria 2
The 'back-end' parts of the app (meaning where your personal data gets sent to, and where other processes on that data are carried out), are 100% open source, meaning that all of the software code that decides what to do with your personal data is publicly visible, and can be downloaded and independently analysed, or run from your own servers. This makes it almost impossible for app developers to misuse your data in unexpected ways, for either commercial gain or other exploitative reasons.

App Earnings

These ideals perhaps sound utopian, but if these criteria are followed, how can an app developer still earn a living from publishing their own "safer apps"? The answer may vary depending on the app, but usually the path for the developer revolves around providing the option of "hosting" the app for you.

There is naturally a cost involved in hosting an app (which arises from ongoing power usage, and the purchase of server hardware and/or finding a physical space for the servers), and this cost is passed on to the app user, if they choose to use the hosted version that is offered by the developer themselves. The app user can still choose to "self-host", for free, or potentially use a hosted version from a 3rd party, but it is often less convenient to do so.

The AtomJump Foundation and it's sister business AtomJump Limited, are themselves maintained with this commercial model.

'Progressive Web Apps'

You can find a list of 'Progressive Web Apps' at this app-store:
Progressive Web Appstore
and, while this is a good start, not every 'Progressive Web App' is a "safer app", as only the 1st criteria is satisfied; but not the 2nd criteria. There are many problematic apps in existence today (e.g. particularly in the social space) which can have a "safer" front-end, but which don't satisfy our safety definitions '1', '2','3', '4' and '5', from above, with their 'back-end'.

Open Source Apps

You can find a list of open source apps and tools on this page:
Open Source Apps
and, while this is a good set of tools, not every 'Open Source App' is a "safer app", as only the 2nd criteria is satisfied; but not the 1st criteria. If an open source app is distributed as a binary file via one of the app-stores, it is still potentially more vulnerable to security issues than a progressive web app.  For full safety, care should also be taken that the open source app stands fully independently of the entity behind it. E.g. Some open source projects are designed to make you dependent on the developer company's other commercial products.

Are any apps I use on the iPhone and Google Play app-stores "safer apps"?

No, by definition, they are distributed as a binary app, and don't meet Criteria 1. While the companies behind these 1st generation app-stores will naturally try to sell you on their safety levels, we believe it is actually an impossible task to guarantee your "safety", as we define it here.
  • The app-stores themselves cannot modify a developer's binary file for an app, and if there are any dubious actions inserted by the developers themselves, the app-store cannot reliably detect it. While the app-stores may claim that there is a water-tight 'sandbox' around these binary apps, even their own libraries (which provide the sandbox for these apps), have been found to have leaks to the rest of the system. A simpler and significantly more restrictive sandbox around applications already exists, and it is used with 100% "plain text" apps, only, i.e. the web browser's sandbox.
  • If the software libraries that a version of an app uses becomes out-of-date, or have a newly discovered security issue, the app-store likely won't know about it because they cannot see the source code that built the app (which only the app developers have access to, held privately). If the app developer never finds out about the security flaw (or has stopped publishing updates), there is no way that the app itself will ever be fixed up, leaving all users vulnerable without anyone's knowledge.
So, we believe we need a new set of safety standards, which is what this program is about. If your app fits Criteria 1 and Criteria 2, it is eligible to carry the ‘Certified Safer App’ badge that we publish on this page.

Social Apps

Social apps are a particularly popular category of app, and the Safety Definition 5, from above, is very relevant for them.

At AtomJump, we've been working on this problem for several years with our own AtomJump Messaging tool, and while there may be several different approaches that can be taken here, we have settled on the following solution:

"Anyone can say whatever they like" on the service, but, "anyone can also anonymously delete anything else that is written there".

So, you are accountable for whatever you say online. Anything that is said must be at least acceptable for everyone else on the group for it to stay there. Definitely, you can still make a reasoned argument, but if anyone finds it offensive, they can remove it.

The "Certified Safer App" badge

This badge shows that an app fits the "Safer Apps" set of two required criteria, as judged by a panel from the AtomJump non-profit Foundation.

In future we will also hope to provide a full 'safer apps' app-store, but in the meantime, you can use this suggestions forum to add your own general comments, or find/add apps in the categories listed below.

For the full icon asset files, tap on the icon below.

Show Me Some "Safer Apps"!

Social / Messaging
Forget app lock-in.
Open
Video Conferencing
Never be spied on again.
Open
Games
Instant action!
Open
Business / Finance
Remove your dependencies on 'Big Finance'.
Open
Office / Productivity
Escape the rat race.
Open
Location
Don't be tracked.
Open