Review: Threema App.

Threema is a great app and would’ve been one of the best encrypted messaging apps if its code were open source and if it had a desktop app. The app is well designed, intuitive, and easy to set up, install and use; it also comes in a free version.

Updated 11 January 2021.

Disclaimer: We are not affiliated in any way with these companies; this article is 100% our findings. There is no affiliate marketing in place through the links provided below; they’re provided for your convenience.

How we write our reviews: To ensure an unbiased and thorough review all apps are tested:
• In real time, i.e. we use it on real projects.
• By different team members located in different countries.
• With different devices and operating systems.
• For a minimum of two weeks, four on average.
• The article is peer reviewed by other team members, then sent to the app’s publisher for final review.

Contents of this article

  1. Pros of Threema
  2. Cons of Threema.
  3. Conclusion.
  4. Screenshots.
  5. Criteria used for testing:
    – Encryption Implementation.
    – End-to-end Encryption
    – Zero-knowledge
    – Server location.
    – Suitable for business use.
    – User administration.
    – Resistance to state-sponsored criminals.
    – Multi-platform.
  6. Notes.
  7. Sources.

1. Pros of Threema:

  • All messages and multimedia are encrypted on Threema.
  • Threema provides full anonymity by not requesting your phone number or email address before you can use the app. A random ID is generated for you at startup.
  • Threema’s servers are based in Switzerland, a neutral country that’s not part of the 9 Eyes, the US or the EU.
  • Threema can be used for both private and business purposes. For business, it is advisable to use Threema Work.
  • Threema Work gives your team a fully secure, easy-to-use tool for professional communication, with features like text and voice messages, voice calls, shared images, videos, locations and files, and group chats of up to 100 team members. Polls can also be created within the app, appointments can be scheduled and the app can be integrated into your own personal software. It
  • Group members can be added and removed at will.
  • Messages are stored only on a device and are not reflected on other devices logged in to the same user account. This is a great security feature: in case of a security breach on one device, the other devices are safe because the data is not available on them.
  • Groups are messaged without involvement from the servers. This shows zero knowledge as the servers have no idea who is who on the app.
  • Threema uses the standard push notification service provided by the operating system.
  • Users who no longer want to use the app can easily stop by revoking their ID (https://myid.threema.ch/revoke). This is an emergency feature to cut off a compromised ID.
  • Threema’s web client code is published under open source licenses.
  • The app works seamlessly across all platforms, i.e. Android, iOS, tablets, BlackBerry, smartwatches and desktop.
  • Contact synchronization is optional.
  • Messages can be quoted, i.e. you can reply to specific messages within a chat.
  • You can format text in bold, italic and strikethrough.
  • Has an agree or disagree feature for incoming messages; this is a discreet way of expressing your feelings towards a message.
  • Even when compelled by law, messages on the app cannot be decrypted.
  • The app protects you from man-in-the-middle (MITM) attacks by allowing you to verify the ID of whoever you’re communicating with.
  • Threema complies with the European General Data Protection Regulation (GDPR).
  • Should you get a new phone, you can transfer your data to it, though this can only be done within the same operating system.
  • If you don’t want the other user to know you’ve read their messages, you can turn off “message read” and “typing” displays.
  • You can share your GPS position; it appears on a Google map. The feature is available on both Android and iOS.
  • Anonymous payment option with Bitcoin.
  • On Android you can set a passphrase when you leave the app or the phone goes to sleep.
  • Code is open source.

2. Cons of Threema.

  • When you leave the app or the phone sleeps, you can enter the app again without it requesting a password; this can allow unauthorized access.
  • One purchasing option is via PayPal, a payment portal that’s known for data breaches and seizing of user funds.
  • Some features aren’t present on all devices: message quoting, text formatting, voice calls and sending files are absent on Windows Phone.
  • Threema on desktop is available on Android and iOS.
  • Threema does not have a web app.
  • Chat rooms are limited to 100 people per room.
  • The app doesn’t connect when internet connection is slow.
  • Distribution list feature is available on Android and the web app, but not on iOS.

3. Conclusions.

Threema is a great app and would’ve been one of the best encrypted messaging apps if it had a desktop app. The app is well designed, intuitive, and easy to set up, install and use; it also comes in a free version. Even in situations where the server is compromised (which is very rare or unheard of), your messages are still fully encrypted; they are not stored on Threema’s servers and they cannot be read. The app was rated so highly that it won app of the year in 2015.
When checked alongside the criteria used for testing, Threema did wonderfully well and is rated highly. The app is great for both individuals and businesses who place a premium on data security and privacy.

4. Screenshots:

5. Criteria used for testing:

Encryption Implementation: Threema uses state-of-the-art asymmetric cryptography to protect messages and calls between sender and receiver, as well as the communication between the app and the servers. It uses the “Box” model of NaCl (the Networking and Cryptography library) to encrypt and authenticate.

End-to-end Encryption: Threema uses two different encryption layers to protect messages between the sender and the recipient: an end-to-end encryption layer and a transport layer. Messages sent between users are all encrypted (be it text, videos, images or audio recordings).

Zero-knowledge: Threema has no knowledge of the contents of your messages, nor does it know who you are or your security keys; your keys are stored on your device only. Threema also gives full anonymity to its users.

Server location: For apps to be free of interference from state-sponsored criminals, their servers have to be located in “neutral countries” where they can’t be forced to disclose data they don’t want to share. We consider neutral countries to be countries outside the jurisdiction of the United States and the European Union; neutral countries are not subject to US and EU laws.

Suitable for business use: Threema is a great tool for private users, businesses and organizations. Threema Work is recommended for business use; it was made to cater for their data needs. They offer a trial version for testing the app.

User administration: Group admins are the only ones with the right to add and delete members from a group.

Resistance to state-sponsored criminals: Threema will not decrypt your messages even if it is required by law to. That in itself is impossible because Threema does not have the keys to do so, as they are all stored on your devices. When we say state-sponsored criminals we mean the police, prosecutors etc. Their crimes are considered legal because the state institutions that should put them in check have been corrupted. When they perform illegal activities, they can cover them in whatever ways they like. They are technically sound and can intercept and read IMAP, POP3, TLS, and SSL. They can also spoof your email provider’s SSL certificate. They can access your SMS and emails by simply using the recovery option. That’s why it’s important to always use encryption software, encrypt all your devices, and make sure you buy hardware outside the country you live in.

Multi-platform: Threema exists on the major platforms like Android, iOS and Windows Phone.

6. Notes

Threema can be downloaded from Google’s Play Store and the Apple store, but isn’t available as a desktop app. To use it as a desktop app on Windows, you have to install BlueStacks, which is an Android emulator that runs Android apps on Windows. Here’s how to do it:
• Download BlueStacks at https://www.bluestacks.com/.
• Set up a Google account, preferably with a burner phone.
• Download Threema APK.
• Install the APK on BlueStacks by clicking on the downloaded Threema file and installing it with BlueStacks.
• Run Threema from BlueStacks and fill in your details to use the app.

7. Sources.

  1. En.wikipedia.org. (2018). Threema. [online] Available at: https://en.wikipedia.org/wiki/Threema [Accessed 4 Apr. 2018].
  2. Threema.ch. (2018). [online] Available at: https://threema.ch/press-files/cryptography_whitepaper.pdf [Accessed 4 Apr. 2018].
  3. Threema.ch. (2018). Frequently asked questions – Threema. [online] Available at: https://threema.ch/en/faq [Accessed 4 Apr. 2018].
  4. Threema.ch. (2018). What are distribution lists? – Threema. [online] Available at: https://threema.ch/en/faq/distribution_lists [Accessed 4 Apr. 2018].
  5. Work.threema.ch. (2018). Threema Work – The messenger for organizations. [online] Available at: https://work.threema.ch/en [Accessed 4 Apr. 2018].
  6. Open-Source: https://threema.ch/en/open-source
