Yes.
-
Android: Threema includes its own app-specific encryption based on AES-256 to protect stored messages, media, and your ID’s private key. The key used for this encryption is generated randomly the first time you start Threema,
and can optionally be protected by setting a Master Key Passphrase in the settings, which we highly recommend. Without a passphrase, the encryption will only add obscurity due to the way hardware encryption is handled on Android. If
you set a Master Key Passphrase, you will have to enter it after every restart of the device (and after the system has terminated the app due to low memory).
Note: the PIN lock, which can be enabled independently of the Master Key Passphrase, does not offer additional encryption; it is simply a UI lock.
-
iOS: Threema uses the iOS Data Protection feature to encrypt messages, images, etc. in the device’s flash storage. The key used for this encryption is linked to the device’s passcode. It is necessary to set a passcode in the
system settings to use this feature. On newer models, iOS also uses hardware features for the encryption. Therefore, even a simple six-digit passcode offers a certain protection. For the highest protection against brute-force
attacks, you should choose a longer, alphanumeric passcode.
Note: The passcode lock that is built into the app itself does not offer additional encryption. This feature is intended to keep nosy people from reading your messages when you intentionally give them your phone for a short time
for another purpose. Encryption with a six-digit code inside the app would not be sensible, as brute-force attacks would be trivial (since unlike iOS, an app cannot access special hardware features to protect the key).
For detailed technical information about the cryptography in Threema, read the Cryptography Whitepaper.