Threema review
You may not be familiar with Threema. In the premier league of messenger apps, it lags far behind western favorites such as WhatsApp and Facebook Messenger, as well as market leaders WeChat and QQ in China.
Even imo, which only has a solid user base in the notoriously repressive Turkmenistan, had 200 million users in 2017. Even in 2019, Threema hasn’t managed to crack 5 million; the only market in which it’s ever managed to gain a foothold is in Germany following the Facebook purchase of WhatsApp.
There are several potential reasons why Threema isn’t that popular, but there are plenty more why it should be. For that reason, we took a look under the hood to see what makes Threema tick, how secure it is, and whether it should become your messaging app of choice.
How to use Threema
After purchasing the Threema app on AppStore, Google Play, or the Microsoft Store (it’s usually around $3.39), you’ll receive a license key. Redeem this in order to activate the installation process. Once installation is finished, Threema is ready to use.
Unlike many other instant messengers, Threema doesn’t require you to provide your email address or mobile number in order to get started. You generate your Threema ID by moving your finger around the screen at random. This code is then stored on your device, which makes for completely decentralized information.
Threema Web is the app designed for desktop use. The installation process for this is similarly straightforward and decentralized; simply scan the QR code on the web browser to synchronize the app to your mobile account.
How secure is Threema?
Threema’s servers are located in Zürich, Switzerland, a country known as a data privacy haven. Swiss authorities are not invasive of the data stored on servers in their country, which is an immediate plus for our Threema app review.
What’s more, Threema doesn’t even store any information on its actual servers. As soon as a message is successfully sent, it is wiped from their servers. The actual data is decentralized, meaning it is stored on the user’s devices, not a central server.
Decentralization
One of our favorite things about Threema messenger is that you aren’t required to provide your mobile number when signing up to its services and creating your Threema ID. When you sign up to Threema, you receive a unique eight-digit ID that becomes your private key.
This is part of the way Threema encrypts your data. As some contact information is necessary in order to communicate with other users, Threema creates a key pair for this purpose, which includes a private key and a public key.
As the names suggest, the public key is the one that is sent to the Threema servers, while the private key remains encrypted on your device. Neither of them requires any personal information from you, which makes Threema’s communication protocol one of the most secure of any instant messenger.
Encryption
After investigating the app for our Threema app review, we found that the encryption software matches that of the 2048-bit RSA handshake common with the best virtual private networks. Furthermore, each individual message is encrypted with 256-bit symmetric key, and each message also receives a second layer of 128-bit encryption for added security.
256-bit encryption is practically invincible when it comes to brute force attacks. All of the computers in the world couldn’t crack this level of encryption between now and the end of the universe. The added 128-bit encryption is there to detect any manipulations or forgeries.
Few instant messengers provide this level of security to their communications. As well as being completely decentralized, then, Threema also ensures any intercepted messages cannot be picked apart by hackers.
Threema troubleshooting
We didn’t encounter any glaring issues while testing the software for our Threema app review. Fortunately, issues in general appear to be few and far between. A relatively extensive Google search provided little evidence of actual problems with the software besides (very) brief instances where it simply didn’t work.
Partially due to the fact that Threema isn’t really on anyone’s radar, it seems not to be blocked in any major territories, even some of the more repressive territories such as Belarus, Iran, and China.
For now, then, Threema seems to be a viable alternative for a great many reasons, particularly if you’re in a territory like the ones mentioned above where it is difficult to access a reliably encrypted instant messenger. (This is especially true for Signal, which ceased automatic domain fronting for territories in which it is banned.)
How Threema compares to other private messaging apps
Threema
Launched: 2012
Owner: Threema GmbH
Users: 4.5 million +
End-to-end encryption: Yes
Secret chats: Yes
Secure file sharing: Yes
Data storage in servers: Yes, but only as long as it takes to send the message
Chat/Messages self-destruction: No
Requires mobile number: No
Supported platforms: Android; iOS; Windows Phone
Telegram
Launched: 2013
Owner: Telegram Messenger LLP
Users: 200 million (monthly)
End-to-end encryption: Yes, but only in secret chats
Secret chats: Yes
Secure file sharing: No
Data storage in servers: No
Chat/Messages self-destruction: Yes, but only in secret chat
Requires mobile number: Yes
Supported platforms: Android; iOS; Windows Phone; PC; Mac; Linux
Read our full Telegram App Review
Signal
Launched: 2014
Owner: Signal Foundation/Open Whisper Systems
Users: No recent statistics
End-to-end encryption: Yes
Secret chats: Yes, by default
Secure file sharing: Yes
Data storage in servers: Yes, but only for as long as it takes the message to send
Chat/Messages self-destruction: Yes
Requires mobile number: Yes
Supported platforms: Android; iOS; Windows; Mac OS X
Read our full Signal App Review
Recommended reads:
