Threema Goes Open Source, Welcomes New Partner

A new chapter is added to Threema’s success story.

Strengthened Through Partnership

After an intense startup phase, Threema lays the foundation for continuity, further growth, and an acceleration of the product development thanks to the entry of the German-Swiss investment company Afinum Management AG.

Afinum fully shares our values regarding security and privacy protection. The additional resources gained through this partnership enable Threema to grow beyond the German-speaking part of Europe, and we can use our energy for visionary new ideas and projects. That said, Threema’s founders – Manuel Kasper, Silvan Engeler, and Martin Blatter, all software developers – will continue to lead the company and still retain a significant ownership interest.

Open Source and Multi Device

Security and privacy protection are deeply ingrained in Threema’s DNA, which is why our code gets reviewed externally on a regular basis. Within the next months, the Threema apps will become fully open source, supporting reproducible builds. This is to say that anyone will be able to independently review Threema’s security and verify that the published source code corresponds to the downloaded app.

In the future, it will be possible to use multiple devices in parallel thanks to an innovative multi-device solution. In contrast to other approaches, no trace of personal data will be left behind on a server. Thanks to this technology, Threema can be used on a PC without a smartphone.

In conclusion, Threema will become even more trustworthy and even more convenient to use.

Video Calls the Threema Way

After a thorough beta test, video calls are now ready for everyday use! Simply switch on the camera during a Threema call, and your contact will see you in stunning image quality, while you can rest assured that no one else is able to access the video.

Rigorous Data Protection

Since video calls contain personally identifiable information of the purest form, they are particularly worthy of protection. As is to be expected, Threema’s video calls are designed from the ground up with security and privacy in mind. Not only the transmitted data but also signaling is fully end-to-end encrypted, and before a call is accepted, no data is transmitted.

When it comes to metadata, video calls also meet Threema’s rigorous standard. In order to ensure full end-to-end encryption of all metadata (including real-time metadata, such as camera orientation), our team had to make corrections to the widely used base technology “WebRTC.” This security improvement will be incorporated into the WebRTC project, meaning that countless other communication services benefit from our patch in the future.

Technical details concerning the security aspects of Threema’s video calls are documented in the Cryptography Whitepaper.

Intuitive User Interface

To place a video call, simply start a regular Threema call, and tap the camera button in the top right corner to activate video transmission. Your call partner can choose to turn on their camera at any time, or, if preferred, they can leave it off during the entire call, which is to say that it’s possible to conduct one-way video calls.

While a video call is ongoing, you can return to the app and use it like you normally would. On Android, you can even leave the app and continue video calls in picture-in-picture mode.

If you wish not to receive video calls at all, simply deactivate the Allow Video Calls option in Settings > Threema Calls.

Excellent Voice and Image Quality

Video calls exhibit the crystal-clear voice quality Threema users have become accustomed to from voice calls. Image quality is every bit as brilliant and automatically adapts to the available bandwidth. But don’t take our word for it, update the app and see for yourself:

Video Calls Are on the Horizon

A photo of someone is personally identifiable information of the purest form. That’s why photos are so commonly used to identify people; a prime example is the photo in your passport.

Video calls not only contain single photos, they consist of continuous images of the participants in real time. Therefore, they are more up to date and a lot richer in information than a simple photo. Even without taking into account the facial recognition technology available today, the potential for misuse is considerable.

Given this sensitive nature, video calls are particularly worthy of the security and privacy protection Threema provides. Also those who wrongly believe their privacy is not at stake when exchanging text messages must be aware of the potential dangers video calls pose, and everyone should shy away from services that lack proper security and privacy protection when it comes to video calls.

For the past few weeks, the participants of our beta program have put video calls to the test. Starting next week, all Threema users will be able to make video calls without having to worry about their privacy. Stay tuned!

The Reason Behind Delayed Notifications on Certain Android Devices

When buying a smartphone, battery life is a crucial decision factor. Even the most advanced mobile device is pretty much useless without energy. For this reason, smartphone manufacturers use various means to squeeze the absolute maximum out of their batteries. However, some brands of Android devices take it too far and throw the baby out with the bath water. They limit the background activity of third-party apps in such drastic ways that some of these apps can no longer provide basic functionality.

Longer Battery Life at the Cost of Reliability

If an app is active in the background, it might consume energy for no valid reason. This is why manufacturers like OnePlus, Samsung, and Xiaomi simply terminate third-party apps in the background or cut off their network connection based on custom, intransparent specifications (without notifying the user). Such measures don’t comply with Google’s Compatibility Definition Document (CDD). While not all apps suffer from obvious drawbacks, this undue behavior imposes major limitations on instant messengers like Threema as it inevitably leads to incoming messages appearing too late or not showing up at all while the app is in the background.

Special Treatment for Mainstream Apps

The problem runs even deeper, though. Since phone makers don’t want to annoy their customers, they add the most popular apps – WhatsApp and Facebook Messenger, for example – to so-called “whitelists.” Apps included in whitelists are exempt from restrictions and work perfectly fine under all conditions. This gives users the impression that Threema is responsible for delayed notifications because other messengers don’t suffer from similar shortcomings. In fact, however, device manufacturers are solely responsible for these delays, and, what’s worse, there is nothing Threema can do about it.

In theory, users can enable the background activity for individual apps on some devices. However, the respective settings are typically scattered across countless screens in the system preferences’ most deep-leveled submenus. These settings differ not only from brand to brand but also from device model to device model, and the next OS update may reset the configuration altogether. On many devices, there is no way to manually fix the misbehavior in the first place.

Huawei Is the First to Reconsider

Some weeks ago, Huawei has re-enabled Threema to make use of the background activity provided by Android. On newer Huawei devices, Threema is therefore fully functional again. Our repeated attempts in convincing other manufacturers to also exempt Threema from destructive restrictions have failed, however.

This is why we now ask you, the users of affected devices, to contact the brands in question directly and kindly ask them to resolve this unfortunate situation:

For more information, please read this article over at androidpolice.com.

How Threema Safe Differs from Backup Solutions Offered by Other Messengers

Threema doesn’t store your data centrally on a server. Instead, your data is stored directly on your smartphone and is therefore protected in the best possible way against data leaks and unauthorized access by third parties.

It’s not always easy to reconcile security with usability, and one downside of this privacy-focused approach is the potential data loss that occurs if you ever happen to lose access to your device (and don’t have a recent backup). To compensate for this drawback without weakening security and privacy protection, Threema Safe has been available as a backup solution for some time now.

However, it is important to stress that Threema Safe does not simply create encrypted cloud backups; as far as security and privacy are concerned, it differs significantly from conventional backup approaches.

Anonymous Backups

Threema Safe’s security doesn’t start with the encryption of backup content but one step earlier, with a backup’s file name.

The file name used to store a Threema Safe backup on the server is cryptographically derived from a combination of the Threema ID corresponding to the backup and the password defined by the user. Therefore, no conclusions can be drawn as to whether a given backup belongs to a certain Threema ID or not. Vice versa, it’s impossible to determine whether there is a backup of a certain Threema ID present on the server or not (without knowing the password).

This is to say that even if we assume an attacker could gain access to the backup server in order to get to your data, he wouldn’t be able to tell whether there is a backup of your data in the first place, let alone ascertain which backup file is yours.

Free Server Choice

It is, however, not necessary to store Threema Safe backups on the Threema server. Technically inclined users can store their backups on any WebDAV server of their choice.

Solid and Transparent Architecture

Threema Safe’s security architecture is straightforward and does not rely on complex, intransparent CPU features, such as Intel SGX, on the server side. Instead, backup encryption is based on the tried and tested standards scrypt and NaCl. All technical details concerning protocol and encryption are well-documented in the Cryptography Whitepaper.

The advantage of a simple and transparent security architecture is that it does not tempt users to fall into a false sense of security, and therefore users are less likely to choose passwords that are easy to guess or crack.

Optional Use

In order to use Threema Safe, you have to explicitly opt in. If you prefer to only store your data locally on your smartphone, you don’t have to upload a backup to any server whatsoever, and you can still use Threema without limitation.

Video Calls: Beta Phase Begins

With the Threema apps’ latest beta versions, Threema calls graduate to the audio-visual dimension. As is to be expected, video calls get the full Threema treatment in terms of privacy and security. And since video calls are inherently personal, they are particularly worthy of protection.

Threema-Level Security

Video calls in Threema are fully end-to-end encrypted (not only audio and video, also signaling is end-to-end encrypted). In contrast to users of conventional services, Threema users can therefore rest assured that no one besides caller and callee – not even Threema as service provider – is able to access and view the video stream.

Thanks to Threema’s contact verification, Man-in-the-Middle attacks can be effectively prevented, and there’s no need to manually verify a code for the purpose of authentication. When communicating with “unknown” Threema IDs (red verification level), the connection is always established via Threema’s server. This way, one’s own IP address isn’t exposed to dubious contacts.

Of course, Threema’s principle of maximum metadata restraint also applies to video calls. It’s not required to provide any personally identifiable information, such as a phone number or email address, to place a call.

Excellent Image Quality and Intuitive Interface

Video calls provide the crystal-clear voice quality Threema users have become accustomed to from voice calls. The image quality is every bit as brilliant and automatically adapts to the available bandwidth.

Video transmission is an option of Threema calls that can be enabled at any time during an ongoing call. Once a Threema call is established, both parties can independently enable and disable video transmission by tapping the camera icon. This is to say that it’s possible to conduct one-way video calls.

The dynamic UI of video calls allows to return to the app and use it as usual while a video call is ongoing. Android users can even leave the app and continue video calls in picture-in-picture mode.

Beta Program

Participants of Threema’s beta program are able to start testing video calls today. To install the beta version of Threema for Android, scroll to the “Join the beta” section in the Threema listing on Google Play, and tap “Join.” Unfortunately, we cannot accept new iOS beta testers due to Apple’s TestFlight limits. We’re sorry about that.

Happy testing, we look forward to receiving your bug reports!

Maintain a Healthy Work–Life Balance with Threema Work

In times of home office and constant availability, it is increasingly difficult to protect one’s spare time against the intrusion of work. Thanks to the new off-hours policy in Threema Work for Android, there is now an efficient way to restore a healthy work–life balance.

Simply define your working hours in “Settings > Sound & Notifications > Do not disturb,” and you won’t be bothered with work issues after office hours. If your colleague from accounting calls while you’re off duty, the call will automatically be rejected. If the overzealous marketing manager sends text messages on the weekend, you won't notice because you don’t receive any notifications. Instead, you’ll spend your leisure time relaxed and free of work-related worries. And after your uninterrupted downtime, you’ll be even more productive when you start work rested and recharged on Monday morning.

Learn more about Threema Work

Threema for iOS: Override system theme

Upon popular demand, the latest update of Threema for iOS allows setting the theme independently of iOS. Navigate to Settings > Appearance > Design Theme, and select Light or Dark.

If, however, you prefer a consistent appearance across the OS, the System option (default setting) has you covered.

The 4.5.1 update also contains other minor improvements and fixes various bugs. To learn more, please refer to the changelog.

Threema for Android: Built-in video camera, new emojis, and more

The 4.3 update brings several useful new features and a host of additional emojis to Threema for Android. As usual, the update fixes some bugs, and it also contains various other improvements.

Built-in video camera

You can now record and trim videos right in the Threema app. Open a chat, and tap the camera icon in the text-input field to launch the camera. You still take pictures by tapping the shutter button. However, if you hold down the button, a video will be recorded.

To zoom, slide your finger up and down, and to stop recording, simply release the button. If you wish to trim the video before sending it, move the sliders to the desired start and end position.

Over 100 new emojis

Emoji fans now have even more ways to spice up their chat messages. Threema 4.3 for Android is equipped with more than 100 new emojis from the Unicode 12 standard, including a yawning smiley, mechanical extremities, and the much-beloved sloth.

There’s more

This update packs several other new features and improvements. For example, automatic downloads can now also be enabled for files and videos, and the appearance of stickers and the audio-playback behavior have been optimized.

Update/download Threema for Android

System requirements: This update requires Android 4.4 or above. The video camera and the video editor are available on most devices running Android 8 or above.

Various improvements in Threema for iOS

A new Threema version for iOS has just hit the App Store. The 4.5 update contains numerous small, yet useful, enhancements.

Quoting messages is now as easy as swiping right. The new Leave Group menu item in the group details allows to leave groups without deleting them, and you can now conveniently share contacts (in the detail view) by means of Share Links.

The user interface has also undergone some refinements. For instance, in-app-notifications now contain image previews. On iOS 13, Threema adheres to the system-wide Appearance setting (in Settings > Display & Brightness), which allows to automatically switch the theme at sunrise and sunset.

On top of that, this update includes several other improvements and bug fixes. To get an overview of all changes and additions, please refer to the changelog.

Are you familiar with Threema’s poll feature?

In a group chat, the idea to go out for dinner comes up. Various restaurant suggestions are proposed, and lively debates about the pros and cons of each place emerge. Roberto is okay with anything but sushi, Lisa prefers restaurants nearby, and Hanna is a vegan…

This is where Threema’s poll feature comes in handy. In the chat, tap the paperclip icon (Android) or the plus sing (iOS), and start a poll. Once all group members have cast their vote, a chart will show which option is the most popular.

Data Privacy Day: Take the privacy quiz

Today is Data Privacy Day. In celebration of this international awareness day, we’re giving away various prizes that protect your online privacy:

  • 3 × SecureSafe Gold (3 years, amounting to $432)
  • 3 × Threema Work Enterprise (20 users, perpetual license)
  • 10 × 5 promo codes for Threema

To enter the prize draw, you have to put your knowledge to the test and complete our privacy quiz. The quiz will be open until the end of January. All decisions are final.

Take the privacy quiz now: Send «quiz» to *THREEMA.

Good luck!

Threema Channel updated

The Threema Channel is now equipped with additional commands (“more”), a streamlined navigation, and a new feed (“Jobs”).

Send “info” to the ID *THREEMA to explore the new content.

Full privacy, half price

Seriously secure messaging is never free. But for a limited time, the Threema app is available at half price. This sale lasts until the end of the year.

App stores: Price reduction may vary by country of origin.

To streamline the process of adding contacts to Threema and to make it easier to share one’s own ID, there is now a unique Share Link for each Threema ID:

https://threema.id/ + Your Threema ID

Example: https://threema.id/ECHOECHO

When opening this Share Link on a mobile device, the respective ID will be added to the contact list in Threema. When opening the link on a computer (or a mobile device on which Threema is not installed), a custom website appears, where you can add the ID to Threema by scanning a QR code (or download the app from the appropriate store).

Share your Threema ID using the Share Link like this:

  1. In Threema > My Profile, tap the Share button
  2. Select the communication channel, e.g., email or SMS
  3. Select the contacts you wish to share your Threema ID with

You can also add your Share Link to your email signature or use it as (anonymous) contact information on social networks.