The Threema apps are open source, allowing anyone to audit Threema’s code on their own. Furthermore, external experts are commissioned to conduct comprehensive security audits on a regular basis. The most recent audits are listed below.
2024: Audit by Cure53 of the new desktop app, see blog post and audit report
2023: Security analysis of the “Ibex” communication protocol by security researchers from the Chair of Applied Cryptography at the University of Erlangen-Nuremberg, see blog post and analysis
2020: Audit by Cure53, see blog post and audit report
2019: Audit by Lab for IT Security of the Münster University of Applied Sciences, see blog post and audit report
In addition to external audits, we also maintain a bug bounty program where ethical hackers and security experts are rewarded with a bounty for reporting relevant security vulnerabilities.
For comprehensive documentation of the algorithms and protocols used in Threema, please refer to the Cryptography Whitepaper.