Back to overview

How does Threema audit its code?

The Threema apps are open source, allowing anyone to audit Threema’s code on their own. Furthermore, external experts are commissioned to conduct comprehensive security audits on a regular basis. The most recent audits are listed below.

  • 2024: Audit by Cure53 of the new desktop app, see blog post and audit report
  • 2023: Security analysis of the “Ibex” communication protocol by security researchers from the Chair of Applied Cryptography at the University of Erlangen-Nuremberg, see blog post and analysis
  • 2020: Audit by Cure53, see blog post and audit report
  • 2019: Audit by Lab for IT Security of the Münster University of Applied Sciences, see blog post and audit report

In addition to external audits, we also maintain a bug bounty program where ethical hackers and security experts are rewarded with a bounty for reporting relevant security vulnerabilities.

For a comprehensive documentation of the algorithms and protocols used in Threema, please refer to the Cryptography Whitepaper.

Follow us

Threema

Made in Switzerland © 2025 Threema GmbH.