Open Source

Vertrauen ist gut. Transparenz ist besser.

Threemas kryptografische Verfahren sind detailliert dokumentiert, und regelmässig werden externe Experten damit betraut, umfassende Sicherheitsaudits durchzuführen. Es ist aber nicht erforderlich, unseren Aussagen zu glauben oder auf die Einschätzung Dritter zu vertrauen. Um volle Transparenz zu gewährleisten, sind die Threema-Apps Open Source.

Auf dieser Seite finden Softwareentwickler und Sicherheitsforscher Informationen zum Herunterladen und Kompilieren des Quellcodes sowie zum Reproduzieren der App.

Die folgenden Inhalte sind technischer Natur und stehen nur auf Englisch zur Verfügung.

Overview Reproducible Builds Contributions GitHub

Overview

Source Code and Documentation

Apps

Threema Web

Threema Web: The Threema Web application
Push Relay: Push notifications for Threema Web
Compose Area: Library for a compose area with support for inline images
App Remote Protocol: Documentation of the Threema Web protocol

Build Instructions

Build and test instructions can be found in the README files included in the source-code repositories.

Reproducible Builds

In order to verify that the published source code actually matches the source code the apps in the stores were built with, we provide reproducible builds.

At the moment, reproducible builds are available for Threema’s Android app. Due to restrictions by Apple, it’s no easy task to offer reproducible builds for iOS, but we are currently evaluating possible ways to also support reproducible builds for this platform.

For instructions on how to reproduce the published Android app build, please refer to the Reproducible Builds page.

Bug Reports / Feature Requests / Security Issues

To report bugs or request new features, please contact the Threema support team.

Should you find a security issue in Threema, please adhere to the “responsible disclosure” policy, and report the issue via Threema or by means of encrypted email. We will get back to you as quickly as possible. Contact details can be found in the Security section on Threema’s contact page.

Contributions

Currently, we don’t accept pull requests for the Threema apps via GitHub. However, if you would like to provide a code contribution, you can send the code via email by following the instructions on the Submitting Contributions page after signing the Contributor License Agreement.

License

The Threema apps are subject to the GNU Affero General Public License version 3. More details can be found in the source code repositories.

Please note that even though they may be compiled and modified freely, the Threema apps are still paid apps. An anonymous license check prevents the creation of Threema IDs on self-compiled apps. If you would like to use a self-compiled app, please restore the backup of an existing Threema ID. You can create Threema IDs and backups thereof using the purchased app.

If you have questions about the use of self-compiled apps or the license in general, feel free to contact us. We are publishing the source code in good faith, with transparency being the main goal. By having users pay for the development of the app, we can ensure that our goals sustainably align with the goals of our users: Great privacy and security, no ads, no collection of user data!