Is Threema open source?
Yes, to ensure full transparency, the Threema apps are open source.
Thanks to reproducible builds, there’s also a way to verify that the published code (of the Android app, for the time being) actually corresponds to the apps available for download in the app stores.
To learn how to download, build, and reproduce the Threema app’s code, please refer to the Open Source subsite.
Related articles
The Threema apps are open source, allowing anyone to audit Threema’s code on their own. Furthermore, external experts are commissioned to conduct comprehensive security audits on a regular basis. The most recent audits are listed below.
- 2024: Audit by Cure53 of the new desktop app, see blog post and audit report
- 2023: Security analysis of the “Ibex” communication protocol by security researchers from the Chair of Applied Cryptography at the University of Erlangen-Nuremberg, see blog post and analysis
- 2020: Audit by Cure53, see blog post and audit report
- 2019: Audit by Lab for IT Security of the Münster University of Applied Sciences, see blog post and audit report
In addition to external audits, we also maintain a bug bounty program where ethical hackers and security experts are rewarded with a bounty for reporting relevant security vulnerabilities.
For a comprehensive documentation of the algorithms and protocols used in Threema, please refer to the Cryptography Whitepaper.
Show all FAQs
