New: the agree/disagree feature is now also available in group chats
New: mark chats as private, protect them with a password, and hide them in the chat overview
New: set read receipts and typing indicator per contact
New: archive chats
New: filter chat overview by contact name, group name, or Threema ID
Revamped contact and group details and various UI tweaks
Overhaul of internal message processing in preparation for upcoming features
Push registration can now be renewed in the advanced settings
Security improvements
Improve chat server authentication protocol to prevent a payload confusion and a theoretical replay issue
Introduce an additional warning message if a connection from another device using the same Threema ID has been detected since the last time that the app was used
Disable compression of Threema Safe backups to rule out the theoretical possibility of a compression oracleThanks to Kenny Paterson, Matteo Scarlata and Kien Tuong Truong of the Applied Cryptography Group at ETH Zurich for bringing these issues to our attention
Other improvements and minor bug fixes
Desktop/Web:
Due to restrictions on Apple’s part, it is only possible for the desktop app / the web client to stay connected when the iOS app is in the foreground (see https://three.ma/webios).
The agree/disagree feature is now also available in group chats
To celebrate Threema turning ten, we have festooned the app icon. The icon can be changed back to the default or to a legacy version in the settings
Support for new chat server protocol
Minor bug fixes
Security improvements:
Improve chat server authentication protocol to prevent a payload confusion and a theoretical replay issue
Introduce an additional warning message if a connection from another device using the same Threema ID has been detected since the last time that the app was used
Disable compression of Threema Safe backups to rule out the theoretical possibility of a compression oracleThanks to Kenny Paterson, Matteo Scarlata and Kien Tuong Truong of the Applied Cryptography Group at ETH Zurich for bringing these issues to our attention
Push registration can now be renewed in the advanced settings
Fixed a bug that could occur when sending large video
Fixed a bug that could, in rare cases, prevent outgoing messages from being sent
Fixed a bug in relation to the notification of private chats
Fixed various crashes
Other improvements and miscellaneous minor bug fixes
New: Mark chats as private, protect them with a password, and hide them in the chat overview
New: Set read receipts and typing indicator per contact
New: Archive chats
New: Filter chat overview by contact name, group name, or Threema ID
Revamped contact and group details and various UI tweaks
Ukrainian and Slovakian localization
Overhaul of internal message processing in preparation for upcoming features
Various other under-the-hood improvements for upcoming features
Desktop/Web:
Improved performance when loading chat overview
Improved performance when sending media files
Key fingerprint replaced with public key in UI
Fixed a possible bug in relation to external keyboards
Other improvements and miscellaneous minor bug fixes
Security fix: A malicious directory server could theoretically trick a client into encrypting an arbitrary message to another user. The protocol and apps were updated to prevent this. The issue was never exploitable without having privileged access to Threema infrastructure (reported by Jonathan Krebs, Universität Erlangen-Nürnberg).
