Open Source

What’s better than trust? Transparency.

Threema’s algorithms and design decisions are documented in the Cryptography Whitepaper, and external experts are commissioned to conduct comprehensive security audits on a regular basis. However, it’s not necessary to believe our claims or to trust someone else’s assessment. To ensure full transparency, the Threema apps are open source.

On this subsite, developers and security researchers who would like to take a look at Threema’s source can find information on how to download, build, and reproduce the apps’ code.

Overview

Source Code and Documentation

Mobile Apps

Desktop App / Threema Web

Build Instructions

Build and test instructions can be found in the README files included in the source-code repositories.

Reproducible Builds

To allow anyone to verify that the published source code actually matches the code the mobile apps in the stores were built from, we provide reproducible builds.

At the moment, reproducible builds are available for Threema’s Android app. Due to restrictions by Apple, it’s no easy task to offer reproducible builds for iOS, but we are currently evaluating possible ways to also support reproducible builds for this platform.

For instructions on how to reproduce the published Android app build, please refer to the Reproducible Builds page.

Bug Reports / Feature Requests / Security Issues

To report bugs or request new features, please contact the Threema support team.

If you discover a security issue in Threema, please adhere to the coordinated vulnerability disclosure model.

To be eligible for a bug bounty, please file a report on GObugfree (where all the details, including the bounty levels, are listed).

If you’re not interested in the bug bounty program, you can contact us via Threema or by email; for contact details, see threema.ch/contact (section “Security”).

Contributions

You can contribute to the Threema apps through pull requests on GitHub, after signing the Contributor License Agreement. Please refer to the Submitting Contributions page for more information. (To translate the Threema app, please don’t create a pull request; use OneSky instead.)

License

The Threema apps are subject to the GNU Affero General Public License version 3. More details can be found in the source code repositories.

Please note that even though they may be compiled and modified freely, the Threema apps are still paid apps. An anonymous license check prevents the creation of Threema IDs on self-compiled apps. If you would like to use a self-compiled app, please restore the backup of an existing Threema ID. You can create Threema IDs and backups thereof using the purchased app.

If you have questions about the use of self-compiled apps or the license in general, feel free to contact us. We are publishing the source code in good faith, with transparency being the main goal. By having users pay for the development of the app, we can ensure that our goals sustainably align with the goals of our users: Great privacy and security, no ads, no collection of user data!