- What makes Threema secure?
- How does Threema compare to other messengers?
- What’s special about Threema’s privacy protection?
- Which data gets stored at Threema?
- Is Threema open source?
- Are messages stored in encrypted form on my device?
- Could you decrypt my messages, for example if you were required to by law enforcement?
- How do you protect yourself against man-in-the-middle (MITM) attacks with Threema?
- Where are the servers located?
- Will my address book data be sent to your servers?
- How does Threema audit its code?
- How and where is my key pair generated?
- Is the use of Threema compliant with privacy laws?
- How can I find out which data is stored about my ID on Threema’s server?
- What kind of data is transmitted via push notification services?
How does Threema audit its code?
The Threema apps are open source, allowing anyone to audit Threema’s code on their own. Furthermore, external experts are commissioned to conduct comprehensive security audits on a regular basis. The most recent audits are listed below.
- 2020: Audit by Cure53, see blog post and audit report
- 2019: Audit by Lab for IT Security of the Münster University of Applied Sciences, see blog post and audit report
For a comprehensive documentation of the algorithms and protocols used in Threema, please refer to the Cryptography Whitepaper.