Cryptee has two countermeasures built for this specific potential threat.
We have independent servers in different countries and locations, checking the hashes of published files and code on https://crypt.ee. This is an alert mechanism against ISP level tampering. So if a major ISP or provider tampers with the code at scale, one of the check servers will pick this up and alert us to take action.
In addition, if you’d like to verify things yourself, or if you’re suspecting that someone or an ISP may have changed Cryptee’s code in the process of being delivered to your device, you can verify the code yourself. Cryptee’s client-side code is entirely open-source and available publicly on Github. The current version of the software is displayed on the account settings page (for example "d5e07da") and you can see the same version on Github.
Important Note 1
Please remember that Cryptee can only protect you from potential bulk surveillance / corporate surveillance and a few other situations in general. This means that if any company / ISP / government wants to target you directly and individually, Cryptee’s protections will not be sufficient. We strongly recommend that you read our threat model page here to assess this for yourself.
Important Note 2
Cryptee is a company based in EU and bound by law.
If you use Cryptee for illegal activities, and if a governmental authority asks us to hand over the information we have on your account with a criminal court order, we will have to hand over the information we have on your account to the authorities. We do not possess the ability to decrypt your files, so in cases like these we can only hand over your encrypted files, which nobody should be able to decrypt, unless you gave them your encryption keys, or they've obtained it some other way.
Needless to say, don't use Cryptee for illegal purposes or in ways that is harmful to others.