Are messages encrypted when they are stored on my device?
- Android: Threema includes its own app-specific encryption based on AES-256 to protect stored messages, media and your ID's private key. The key used for this encryption is generated randomly the first time you start Threema, and can optionally be protected by setting a Master Key Passphrase in the settings, which we highly recommend. Without a passphrase, the encryption will only add obscurity due to the way hardware encryption is handled on Android. If you set a Master Key Passphrase, you will have to enter it after every restart of the device (and after the system has terminated the app due to low memory).
Note: The PIN lock, which can be enabled independently of the master key passphrase, does not cause any additional encryption; it is simply a UI lock.
- iOS: Threema uses the iOS Data Protection feature to encrypt messages, images etc. in the device's flash storage. The key used for this encryption is linked to the device PIN. It is necessary to set a PIN in the system settings to use this feature. On newer models, iOS also uses hardware features for the encryption; therefore even a simple four-digit PIN offers a certain protection. For the highest protection against brute force attacks, you should choose a longer, more complex passcode.
Note: The passcode lock that is built into the app itself does not offer any additional encryption. This feature is intended to keep nosy people from reading your messages when you intentionally give them your phone for a short time for another purpose. Encryption with a four-digit PIN inside the app would not be sensible, as brute force attacks would be trivial (since, unlike iOS, an app cannot access special hardware features to protect the key).
- Windows Phone: Threema uses isolated storage to which only Threema has access. Additionally, an app-specific encryption based on AES-256 is used to protect media files, ID, private key and messages. The key used by this encryption method is generated when the app is opened for the first time and can optionally be protected by a passphrase (which we highly recommend). A passphrase can be set in Threema’s security settings.
For detailed technical information about the cryptography in Threema, read the Cryptography Whitepaper.
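The sketch below is an added example, not Threema's code and not the scheme from the whitepaper. It illustrates the design described above: a random master key that can be wrapped under a user secret, and why a four-digit PIN checked purely in software gives that key no real protection. Assumptions: PBKDF2-HMAC-SHA256 with a deliberately low iteration count, an XOR pad plus HMAC tag as a simplified stand-in for AES-based wrapping, and hypothetical function names and sample values throughout.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

ITERATIONS = 1_000  # assumption: kept low so the demo runs fast; real KDF costs are far higher


def _derive(secret: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch a PIN or passphrase into a 32-byte pad and a separate MAC key."""
    root = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)
    pad = hmac.new(root, b"wrap", hashlib.sha256).digest()
    mac_key = hmac.new(root, b"mac", hashlib.sha256).digest()
    return pad, mac_key


def wrap_master_key(master_key: bytes, secret: str) -> dict:
    """Protect the random 32-byte master key under a user secret (stand-in for AES wrap)."""
    salt = secrets.token_bytes(16)
    pad, mac_key = _derive(secret, salt)
    wrapped = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}


def unwrap_master_key(blob: dict, secret: str) -> Optional[bytes]:
    """Return the master key, or None when the secret is wrong."""
    pad, mac_key = _derive(secret, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["wrapped"], pad))


def enumerate_pin_space(blob: dict, digits: int = 4) -> Tuple[Optional[str], int]:
    """Try every numeric PIN offline; software alone has no hardware counter to stop this."""
    for n in range(10 ** digits):
        pin = f"{n:0{digits}d}"
        if unwrap_master_key(blob, pin) is not None:
            return pin, n + 1
    return None, 10 ** digits


if __name__ == "__main__":
    master = secrets.token_bytes(32)            # generated once, at first start
    pin_blob = wrap_master_key(master, "0427")  # constructed sample PIN
    print(enumerate_pin_space(pin_blob))        # the whole space is only 10,000 candidates
    strong = wrap_master_key(master, "constructed long passphrase, not a PIN")
    print(unwrap_master_key(strong, "0427"))    # wrong secret: no key is returned
```

A key stored unwrapped beside the data corresponds to the "no passphrase" case: anyone who can read the app's storage can read the key as well.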