|Initial release||December 2012|
1.2.1 (May 4, 2015 ) [±] 
|Written in||Objective-C (iOS), Java (Android), C, .net (Windows Phone)|
|Operating system||iOS, Android, Windows Phone|
|Available in||English (iOS, Android, WP), German (iOS, Android, WP), French (iOS, Android), Spanish (iOS, Android), Italian (iOS, Android), Russian (iOS, Android), Brazilian Portuguese (iOS, Android), Polish (Android)|
|Type||Encrypted instant messaging|
|License||Proprietary commercial software|
Threema is a proprietary encrypted instant messaging application for iOS, Android and Windows Phone. In addition to text messaging, it’s possible to send multimedia files and voice messages. Locations can also be shared through the use of integrated mapping features. Since January 2015, Threema offers an integrated Poll Feature, which allows to create a poll within a single conversation or group chat. The name Threema is an acronym for EEEMA and stands for end-to-end encrypting Messaging Application.
There is no need to link an email address or phone number to Threema in order to send messages. Instead the app uses a user ID, created after the initial app launch by a sophisticated random generator. At the same process, it generates a key pair and sends the public key to the server while keeping the private key on the user's device. The application then encrypts all messages and media files that are sent to other Threema users with their respective public key. To find other users, the app can synchronize the user's address book, but needs prior consent from the user to do so.
Threema is developed by the Swiss company Threema GmbH. The servers are located in Switzerland and the development is based in the Zürich metropolitan area. The application is especially popular in German speaking countries, where it has generated 3.2 million downloads until December 2014. One important factor of success[not in citation given] was in February 2014 when the awareness for privacy dramatically increased[not in citation given] due to the Whatsapp takeover by Facebook.
|This section requires expansion with: History from December 2012 to March 2015. (April 2015)|
On March 20, 2015, Threema released a gateway for companies. Similar to an SMS gateway, it can be used to send messages with their own software. The advertised uses of Threema Gateway include sending of mTAN, eTAN or OTP, alarming for emergency services, secure exchange of passwords, internal communications or confidential customer information. The price for sending a message is set between 0.02 CHF and 0.05 CHF. The code for the Threema Gateway SDK is open for developers and available on GitHub.
In February 2014, a German consumer safety group called Stiftung Warentest evaluated WhatsApp, Threema, Telegram, BlackBerry Messenger and Line. Stiftung Warentest concluded that Threema was the most secure messenger compared to the five others.
Along with Cryptocat and Surespot, Threema was ranked first in a study evaluating the security and usability of instant messaging encryption software, conducted by the German PSW Group in June 2014.
In November 2014 Threema scored 5 out of 7 points on the Electronic Frontier Foundation's secure messaging scorecard. It received points for having communications encrypted in transit, having communications encrypted with keys the provider doesn't have access to (i.e. having end-to-end encryption), making it possible for users to independently verify their correspondent's identities, having past communications secure if the keys are stolen (i.e. implementing forward secrecy), and having its security design well-documented. It lost points because its source code is not open for independent review (i.e. it's not open source) and because there has not been a recent independent security audit.
In October 2014, Threema won the "connect App Awards 2014" for being the best app of the year.
Security and privacy
The entire communication via Threema is end-to-end encrypted. This includes text messages, any kind of media and also for group chats. Once a message is delivered successfully, it is immediately deleted from the servers. The encryption process used by Threema is based on the open source library NaCl library. Threema uses the asymmetric ECC based encryption, with 256 bit strength. In terms of encryption strength, according a NIST estimate, this corresponds or exceeds the encryption provided by 3072 bit RSA. Threema offers a "Validation Logging" feature that makes it possible for everyone to independently confirm that messages sent via Threema are end-to-end encrypted using the NaCl Networking and Cryptography library.
Threema has two layers of encryption. The End-to-end encryption layer is between the sender and the recipient. The transport layer protects the header information while being transmitted to the server and to the recipient (this prevent eavesdropping).
Users can verify the identity of their Threema contacts by scanning their QR code, when they meet physically. The QR code contains the public key of the users. Using this feature, the users can make sure they have the correct public key from their chat partners, which provides security against a Man-in-the-middle attack. Threema knows three levels of verification (certainty levels of the contact’s identity). The verification level of each contact is displayed in the Threema application as dots next to the corresponding contact.
- ••• No matching contact was found for a specific ID in the user's address book. You can not be sure that the user is who he or she claims to be.
- ••• The ID has been matched with a contact in the user's address book (by phone number or email). You can be quite sure that the contact is who he or she claims to be.
- ••• The ID of this particular contact has been personally verified by scanning the QR code. You can be sure, that the ID truly belongs to this person. Level three protects the user from a Man-in-the-middle attack.
- Daniel Schurter (13 December 2012). "Die Schweizer Antwort auf WhatsApp" (in German). 20min.ch. Retrieved 5 July 2014.
- Threema GmbH (2015-05-11). "Threema". Apple App Store. Apple.
- Threema GmbH (2015-04-16). "Threema". Play Store. Google.
- Threema GmbH (2015-05-04). "Threema". Windows Phone Store. Microsoft.
- Threema GmbH. "End-User Software License Agreement". Threema GmbH. Retrieved 5 July 2014.
- "Threema's official homepage". Retrieved 5 July 2014.
- Encrypted Messaging On Your Smartphone http://nullmag.com/encrypted-messaging-smartphone/#
- Privacy gain traction with secure messaging apps http://www.electronics-eetimes.com/en/privacy-gains-traction-with-secure-messaging-apps.html?cmp_id=7&news_id=222922448&vID=13&page=1
- heise.de (3 July 2014). "Krypto Messenger Threema ergänzt Sprachnachrichten" (in German). Heise Verlag. Retrieved 5 July 2014.
- Threema What's new https://threema.ch/en/whats-new
- Threema FAQ Why is it called Threema? https://threema.ch/en/faq/name_origin
- Threema Cryptography Whitepaper https://threema.ch/press-files/cryptography_whitepaper.pdf
- "Secure mobile messaging with Threema" http://www.net-security.org/review.php?id=333
- "Will my address book data be sent to your servers?". threema.ch. Retrieved 2 December 2014.[third-party source needed]
- "Google Play Store entry for Threema". google.com. Retrieved 5 July 2014.
- Swiss Confederation. "Swiss company registry entry for Threema GmbH". zefix.ch. Retrieved 5 July 2014.
- Romain Dillet (21 February 2014). "Bye Bye, WhatsApp: Germans Switch To Threema For Privacy Reasons". TechCrunch. Retrieved 5 July 2014.
- Till Simon Nagel (21 May 2014). "Der Preis der Sicherheit" (in German). Handelsblatt. Retrieved 5 July 2014.
- „Facebook Buying WhatsApp for $19B, Will Keep the Messaging Service Independent“ http://techcrunch.com/2014/02/19/facebook-buying-whatsapp-for-16b-in-cash-and-stock-plus-3b-in-rsus/
- Threema Gateway https://gateway.threema.ch
- “Threema releases secure messaging gateway” https://www.business-cloud.com/articles/news/threema-releases-secure-messaging-gateway
- Threema Gateway products https://gateway.threema.ch/de/products
- Christian Heutger. "Die Ergebnisse unseres großen Messenger-Tests" (in German). Retrieved 2014-06-26.
- "Secure Messaging Scorecard. Which apps and tools actually keep your messages safe?". Electronic Frontier Foundation. 2014-11-04.
- "iPhone und iPad: Threema ist die meistverkaufte App 2014" http://www.computerbild.de/artikel/cb-News-App-Check-iPhone-und-iPad-Threema-ist-die-meistverkaufte-App-2014-11205436.html
- “Top Three Apps for Encrypted Messaging" http://www.theepochtimes.com/n3/1023270-top-3-apps-for-encrypted-messaging/
- The Case for Elliptic Curve Cryptography https://www.nsa.gov/business/programs/elliptic_curve.shtml
- Threema Validation https://threema.ch/validation/
- "Threema cryptography whitepaper" (PDF). 2014-11-05.