Fact vs. Fiction: Why PDFium Is the Most Trusted Platform for PDF Rendering

This article was first published in December 2023 and was updated in August 2024.

From the desk of Jonathan Rhyne, Co-Founder and CEO of PSPDFKit

In recent years, myths about the security of open source technology, including PDFium, have circulated. To clarify these misconceptions, I’m launching a new blog series titled Fact vs. Fiction. Today’s focus is on PDFium, a popular open source PDF rendering platform.

Purpose and Intended Audience

This article targets decision makers who are choosing a reliable PDF processing technology. Whether you’re developing a web, desktop, or mobile app, understanding the true capabilities of PDFium is crucial.

So, in the first article in the series, I’ll analyze some of the myths and misconceptions regarding the security of open source, as well as the open source technology used and trusted by literally billions of people (no, that’s not a typo) around the world. My goal is to help you, the reader, come to your own conclusions about what really is fact versus what is fiction.

Myth #1 — Open Source Technology Is Insecure Because the Source Code Is Open to the Public

Have you ever heard anyone say: “Open source technology is insecure because all the source code is completely open to the public?” Unfortunately, this is one of the biggest myths regarding open source technology, and it’s typically used by companies who’d rather spend their resources attacking their competition as opposed to innovating or contributing to a community. So let’s analyze this argument a bit further.

Fact #1 — You’re Probably Already Using Open Source Technology and You Don’t Even Know It

Just take a look at the latest statistics in Figure 1 below from the independent market research site statcounter.com regarding the global usage of web browsers.

Figure 1 — Browser Market Share Worldwide (June 2022)

As you can see, Google Chrome dominates the market with a whopping 65 percent of the global market share. And when you add up all the statistics for the top four browsers (Chrome, Safari, Edge, and Firefox), you see that all the major browsers command a combined total of more than 91 percent of the global market. And in case you were unaware, all of those web browsers are either fully open sourced, or they embed open source technology. So now think about this conclusion personally: If you use Google Chrome, Apple Safari, Microsoft Edge, or Mozilla Firefox, you’re already using open source technology. That’s a fact.

Another major thing to consider: If your company (or business) standardizes on any of the web browsers above, then they’re standardizing on tools that are (or embed) open source technology.

Now take a look at Figure 2 below, illustrating how many people worldwide use open source web browsers, to see how ubiquitous and pervasive open source software is.

Figure 2 — Infographic: Worldwide Usage of Open Source Web Browsers (June 2022)

At PSPDFKit, we adopted the use of the open source platform PDFium within our tools and APIs for developers. And with that, let’s address another myth.

Myth #2 — PDFium Is an Insecure PDF Rendering Engine

Now, without getting into the technical details of the various PDF specifications and how PDF toolkits (such as PSPDFKit) work, understand that PDF tools and toolkits are typically split into two parts. One part reads and processes the text and binary information encapsulated inside a PDF document (this part is typically called the PDF parser). The other part is responsible for taking the parsed information (text, images, etc.) inside the PDF document and visualizing it for the user (this part is called the PDF renderer).

Figure 3 — The Architecture for PDF Tools Such as PSPDFKit Is Split Into Two Parts: PDF Parsers and PDF Renderers

Now, although we evidently demonstrated the widespread and ubiquitous use of open source technology, some may argue that, in particular, the open source PDF renderer PDFium is inherently insecure. So, again, let’s look at the facts.

Fact #2 — Major Companies Contribute to or Use PDFium

I love arguing this point because I can let the facts speak for themselves. Guess what Google, Microsoft, Amazon, Dropbox, and (yes) PSPDFKit all have in common? All of us are either contributors to the publicly available PDFium open source project, and/or we directly embed PDFium in the products we create for our end users. That’s a fact.

• Google uses PDFium inside Chrome (the most widely used browser in the world).

• Microsoft uses PDFium inside Edge (the default web browser in Windows 10 and 11).

• Amazon uses PDFium inside Amazon Echo and Fire TV products.

• Dropbox uses PDFium inside its client tools to preview files.

Figure 4 — PSPDFKit Participates in a Community of Users and Contributors to the Open Source PDFium Project, Alongside Google, Microsoft, Amazon, and Dropbox

Fact #3 — PDFium Is an Active and Well-Maintained Open Source Project

As an active member of this vibrant and evolving community, PSPDFKit is passionate about and dedicated to the success, stability, and security of the open source PDFium project, which is continuously maintained and improved with new features that are channeled back to our customers.

Have you ever heard the phrase, “If you want to go FAST, then go alone, but if you want to go FAR, then go together?”

This is the mindset I instill in every employee at PSPDFKit, and it’s why we participate in the community of PDFium users and contributors. In this community, each company has its own business case and reasoning for embedding PDFium within individual platforms, however, we’re jointly committed to the success of the project.

Conclusion

This article kicks off our Fact vs. Fiction series. Explore the links and information provided to see for yourself why PDFium is a trusted PDF rendering solution.

FAQ

Here are a few frequently asked questions about PDFium and PDF rendering.

What makes PDFium a trusted platform for PDF rendering?

PDFium’s trustworthiness stems from its open source nature, contributions from major tech companies, and its integration in widely used products like Google Chrome and Microsoft Edge.

How does open source technology contribute to the security of PDFium?

Open source technology allows a global community of developers to continuously audit and enhance PDFium, ensuring vulnerabilities are quickly addressed and security is maintained.

What is the role of PDFium in popular web browsers?

PDFium powers the PDF rendering capabilities in browsers like Google Chrome and Microsoft Edge, providing reliable and efficient document handling.

Why is PDFium considered a well-maintained open source project?

PDFium is actively maintained by a broad community, including major corporations, which contributes to its stability, security, and ongoing feature improvements.

How does PSPDFKit utilize PDFium in its products?

PSPDFKit integrates PDFium to offer advanced PDF rendering and manipulation features, benefiting from PDFium’s reliability and ongoing development.

Sources

• The list of companies that contribute to PDFium, which include Google, Microsoft, and Dropbox

• The list of open source software used by Amazon Echo devices, which includes PDFium

• The Dropbox.Tech blog discussing the performance of PDFium in Dropbox software

• Microsoft Edge uses Chromium, which includes PDFium