- What makes Threema secure?
- How does Threema compare to other messengers?
- What’s special about Threema’s privacy protection?
- Which data gets stored at Threema?
- Is Threema open source?
- Are messages stored in encrypted form on my device?
- Could you decrypt my messages, for example if you were required to by law enforcement?
- How do you protect yourself against man-in-the-middle (MITM) attacks with Threema?
- Where are the servers located?
- Will my address book data be sent to your servers?
- How does Threema audit its code?
- How and where is my key pair generated?
- Is the use of Threema compliant with privacy laws?
- How can I find out which data is stored about my ID on Threema’s server?
- What kind of data is transmitted via push notification services?
How do you protect yourself against man-in-the-middle (MITM) attacks with Threema?
Threema allows to verify that the ID of the person you are communicating with is really theirs.
If you are sure about your chat partner's ID, then there's no way for an attacker to spoof or intercept/decrypt a message from or to your chat partner.
The connection between the app and the servers is secure against MITM attacks because the server authenticates itself to the app based on a public key that is hard-coded into the app and whose corresponding secret key is only known by the legitimate servers.
Please note: Threema can only be as secure as the device that it is running on. Malware that runs in the background on your device can intercept and falsify data without being noticed. We highly recommend to always install the most recent operating system updates and to only use software from trusted sources.