Threema

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Totie (talk | contribs) at 15:58, 28 January 2016 (Swapped app icon with logo). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Threema
Developer(s): Threema GmbH
Initial release: December 2012[1]
Written in: Objective-C (iOS), Java (Android), C, .NET (Windows Phone)
Operating system: iOS, Android, Windows Phone
Available in: English (iOS, Android, WP), German (iOS, Android, WP), French (iOS, Android), Spanish (iOS, Android), Italian (iOS, Android), Russian (iOS, Android), Brazilian Portuguese (iOS, Android), Polish (Android)
Type: Encrypted instant messaging
License: Proprietary commercial software[2]
Website: threema.ch

Threema is a proprietary encrypted instant messaging application for iOS, Android and Windows Phone.[3] In addition to text messaging, users can send multimedia, locations, voice messages and files.

The name Threema comes from the acronym EEEMA, which stands for End-to-End Encrypting Messaging Application.[4]

Threema is developed by the Swiss company Threema GmbH.[5][6] The servers are located in Switzerland and the development is based in the Zürich metropolitan area. As of June 2015, Threema had 3.5 million users, most of them from German-speaking countries.[7]

History

Threema was founded in December 2012 by Manuel Kasper.[8] The company was initially called Kasper Systems GmbH.[9] Martin Blatter and Silvan Engeler were later recruited to develop an Android application that was released in early 2013.[10]

In summer 2013, the Snowden leaks spurred interest in Threema, boosting user numbers into the hundreds of thousands.[7] When Facebook took over WhatsApp in February 2014, Threema gained 200,000 new users, doubling its user base in 24 hours.[11] Around 80 percent of those new users came from Germany. By March 2014, Threema had 1.2 million users.[10]

In spring 2014, operations were transferred to the newly created Threema GmbH.[9][12]

Features

Instead of requiring a linked email address or phone number to send messages, Threema identifies each user by a user ID that a random generator creates after the initial app launch. Other users can be found by phone number if the user allows the app to synchronize their address book.[13] When they meet in person, users can verify the identity of their Threema contacts by scanning their QR code, which contains the user's public key. This lets users confirm that they hold the correct public key for a chat partner, which protects against a man-in-the-middle attack. Threema has three levels of verification (certainty levels of the contact's identity). The verification level of each contact is displayed in the Threema application as dots next to the corresponding contact.
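The QR-code check described above amounts to comparing a public key obtained in person with the one already stored for that contact. The following sketch is an added example, not Threema's code: the `ID,hexkey` payload layout, the 8-character ID, the meanings given to the three levels and all names are assumptions made for illustration, and the keys are constructed byte patterns.

```python
import hmac
from enum import IntEnum

KEY_LEN = 32  # bytes; the article cites 256-bit ECC keys


class Level(IntEnum):
    # Assumed meanings for the article's three verification levels.
    SERVER_ONLY = 1   # key known only from the directory server
    ADDRESS_BOOK = 2  # ID matched through address-book synchronization
    QR_VERIFIED = 3   # key confirmed in person by scanning the QR code


class KeyMismatch(Exception):
    """Scanned key differs from the stored one: possible key substitution."""


def parse_qr(payload):
    """Parse the hypothetical 'ID,hexkey' payload into (user_id, key bytes)."""
    user_id, sep, hex_key = payload.strip().partition(",")
    if not sep or len(user_id) != 8 or not user_id.isalnum():
        raise ValueError("malformed QR payload")
    key = bytes.fromhex(hex_key)  # raises ValueError on non-hex input
    if len(key) != KEY_LEN:
        raise ValueError("public key must be %d bytes" % KEY_LEN)
    return user_id, key


def verify_contact(contacts, payload):
    """Raise the contact to QR_VERIFIED only if the scanned key matches."""
    user_id, scanned = parse_qr(payload)
    entry = contacts.get(user_id)
    if entry is None:
        # First contact: the key comes straight from the owner's screen.
        contacts[user_id] = {"key": scanned, "level": Level.QR_VERIFIED}
    elif not hmac.compare_digest(entry["key"], scanned):
        # Keep the old level; the stored key cannot be trusted.
        raise KeyMismatch(user_id)
    else:
        entry["level"] = Level.QR_VERIFIED
    return contacts[user_id]["level"]


# Constructed sample data: byte patterns standing in for real public keys.
GENUINE_KEY = bytes(range(32))
SUBSTITUTED_KEY = bytes(range(1, 33))
GENUINE_QR = "ALICE001," + GENUINE_KEY.hex()
```

A mismatch is reported as an exception and the stored level is left unchanged, so a key swapped in by whoever delivered it cannot be promoted to the verified level.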

Users can send text messages, multimedia, locations, voice messages and files of any type (up to 20 MB per file).[14] It is also possible to create polls in personal or group chats.[15]

On March 20, 2015, Threema released a gateway for companies. Similar to an SMS gateway, businesses can use it to send messages to their users who have Threema installed.[16] The code for the Threema Gateway SDK is open for developers and available on GitHub.[17]

Architecture

The entire communication via Threema is end-to-end encrypted. During the initial setup, the application generates a key pair and sends the public key to the server while keeping the private key on the user's device.[18] The application then encrypts all messages and files that are sent to other Threema users with their respective public keys.[19][20] Once a message is delivered successfully, it is immediately deleted from the servers.[21]

The encryption process used by Threema is based on the open-source NaCl library. Threema uses asymmetric ECC-based encryption with 256-bit strength. Threema offers a "Validation Logging" feature that makes it possible to confirm that messages are end-to-end encrypted using the NaCl (Networking and Cryptography) library.[22] In August 2015, Threema was subjected to an external security audit.[23] Researchers from cnlab confirmed that Threema allows secure end-to-end encryption, and claimed that they were unable to identify any weaknesses in the implementation. Cnlab researchers also confirmed that Threema provides anonymity to its users and handles contacts and other user data as advertised.[24][25]

Reception

In February 2014, a German consumer safety group called Stiftung Warentest evaluated WhatsApp, Threema, Telegram, BlackBerry Messenger and Line. Stiftung Warentest concluded that Threema was the most secure messenger compared to the five others.[26]

Along with Cryptocat and Surespot, Threema was ranked first in a study evaluating the security and usability of instant messaging encryption software, conducted by the German PSW Group in June 2014.[27]

In October 2014, Threema won the "connect App Awards 2014" for being the best app of the year.[28]

In December 2014, Apple awarded Threema for "Best-selling iOS App of the year 2014 in Germany".[29]

As of November 2015, Threema has a score of 6 out of 7 points on the Electronic Frontier Foundation's secure messaging scorecard. It has received points for having communications encrypted in transit, having communications encrypted with keys the provider doesn't have access to (i.e. having end-to-end encryption), making it possible for users to independently verify their correspondent's identities, having past communications secure if the keys are stolen (i.e. implementing forward secrecy), having its security design well-documented, and having completed an independent security audit. It is missing a point because its source code is not open to independent review (i.e. it's not open source).[30]

References

  1. Schurter, Daniel (13 December 2012). "Die Schweizer Antwort auf WhatsApp" (in German). 20min.ch. Retrieved 5 July 2014.
  2. "End-User Software License Agreement". Threema GmbH. Retrieved 5 July 2014.
  3. Happich, Julien. "Privacy gains traction with secure messaging apps". Electronic Engineering Times Europe. Retrieved 21 December 2015.
  4. "Why is it called Threema?". Threema's Official FAQ. Retrieved 21 December 2015.
  5. "Threema on Google Play Store". google.com. Retrieved 5 July 2014.
  6. Swiss Confederation. "Swiss company registry entry for Threema GmbH". zefix.ch. Retrieved 5 July 2014.
  7. Price, Rob. "Germany's most popular paid app is a secure messenger loved by millions — now it's taking on the US". Business Insider. Retrieved 2015-10-11.
  8. "Kryptografie-App Threema: Schweizer sorgen für Privatsphäre". Neue Zürcher Zeitung. Retrieved 2015-10-08.
  9. "Im Interview: Threema". Mailify. 23 July 2014. Retrieved 11 October 2015.
  10. Tanriverdi, Hakan. "Der Schlossherr". Der Freitag (in German). ISSN 0945-2095. Retrieved 2015-10-11.
  11. Dillet, Romain. "Bye Bye, WhatsApp: Germans Switch To Threema For Privacy Reasons".
  12. "Threema GmbH, Pfäffikon SZ". www.shabex.ch. Retrieved 2015-10-11.
  13. "Will my address book data be sent to your servers?". threema.ch. Retrieved 2 December 2014.
  14. "Threema: Dateien beliebiger Formate bis 20 MB sicher versenden - it-daily.net". www.it-daily.net. Retrieved 2015-10-12.
  15. "Threema integriert Umfrage-Funktion". com! - Das Computer-Magazin. Retrieved 2015-10-12.
  16. "US-Feldzug von Threema gerät ins Stocken". Handelszeitung (in German). ISSN 1422-8971. Retrieved 2015-10-12.
  17. https://github.com/threema-ch
  18. "Could you decrypt my messages?". threema.ch. Retrieved 5 July 2014.
  19. Threema Cryptography Whitepaper https://threema.ch/press-files/cryptography_whitepaper.pdf
  20. "Secure mobile messaging with Threema" http://www.net-security.org/review.php?id=333
  21. https://threema.ch/en/faq/message_storage
  22. Threema Validation https://threema.ch/validation/
  23. External Audit https://threema.ch/en/faq/code_audit/
  24. External Audit https://threema.ch/press-files/2_documentation/external_audit_security_statement.pdf/
  25. Schirrmacher, Dennis. "Threema-Audit abgeschlossen: "Ende-zu-Ende-Verschlüsselung ohne Schwächen"". Heise.de. Retrieved 21 December 2015.
  26. http://www.androidpit.com/whatsapp-alternatives-data-security-officially-tested
  27. Heutger, Christian. "Die Ergebnisse unseres großen Messenger-Tests" (in German). Retrieved 2014-06-26.
  28. http://www.connect.de/news/connect-app-awards-2014-die-besten-apps-preisverleihung-gewinner-sieger-award-2659952.html
  29. "iPhone und iPad: Threema ist die meistverkaufte App 2014" http://www.computerbild.de/artikel/cb-News-App-Check-iPhone-und-iPad-Threema-ist-die-meistverkaufte-App-2014-11205436.html
  30. "Secure Messaging Scorecard. Which apps and tools actually keep your messages safe?". Electronic Frontier Foundation. 3 November 2015. Retrieved 30 November 2015.
