How does Threema audit its code?
Ensuring security and privacy is our main mission. Therefore, we review our code internally on a regular basis and with the greatest care. For encryption, Threema uses NaCl, a well-respected and widely used open-source library. Using Validation Logging, anyone can independently verify the correct application of the encryption.
Furthermore, well-established experts audit Threema periodically. The Lab for IT Security of the Münster University of Applied Sciences, headed by Prof. Sebastian Schinzel, conducted the latest audit in March 2019. With considerable effort and all the required technical expertise, the Android and iOS apps as well as Threema Safe were examined in great detail for possible security flaws. No critical vulnerabilities were found, and the researchers gave Threema top grades. Read the full audit report.
For comprehensive documentation of the algorithms and protocols used in Threema, please refer to the Cryptography Whitepaper.