The Threema apps are open source, allowing anyone to audit Threema’s code on their own. Furthermore, external experts are commissioned to conduct comprehensive security audits on a regular basis. The most recent audits are listed below.
In addition to external audits, we also maintain a bug bounty program where ethical hackers and security experts are rewarded with a bounty for reporting relevant security vulnerabilities.
For a comprehensive documentation of the algorithms and protocols used in Threema, please refer to the Cryptography Whitepaper.