Is Threema open source?
Yes, to ensure full transparency, the Threema apps are open source.
Thanks to reproducible builds, there’s also a way to verify that the published code (of the Android app, for the time being) actually corresponds to the apps available for download in the app stores.
To learn how to download, build, and reproduce the Threema app’s code, please refer to the Open Source subsite.
The Threema apps are open source, allowing anyone to audit Threema’s code on their own. Furthermore, external experts are commissioned to conduct comprehensive security audits on a regular basis. The most recent audits are listed below.
- 2023: Security analysis of the “Ibex” communication protocol by security researchers from the Chair of Applied Cryptography at the University of Erlangen-Nuremberg, see blog post and analysis
- 2020: Audit by Cure53, see blog post and audit report
- 2019: Audit by Lab for IT Security of the Münster University of Applied Sciences, see blog post and audit report
For a comprehensive documentation of the algorithms and protocols used in Threema, please refer to the Cryptography Whitepaper.