New Update Threema - Maximum Security Chat App

[sid_16]

A very secure messenger made in Switzerland for mobiles just like whatsapp, for IOS and Android >=4. Uses NaCl (salt) asymmetric encryption, NSA safe. A must have for privacy lovers.
Threema is a mobile messaging app that puts security first. With true end-to-end encryption, you can rest assured that only you and the intended recipient can read your messages. Unlike other popular messaging apps (including those claiming to use encryption), even we as the server operator have absolutely no way to read your messages.

Webpage - Threema – Maximum Security Chat App. For Companies and Individuals. – Overview

• Download
• Support

Mod Edit: Opened thread, moved to apps, updated links and title.

 

[HarborFront]

From what I gather

Pros

1) End-to-end envcryption
2) Do not require email or handphone number for verification during registration/sign up. Threema will generate an ID for its user so 100% anonymity is guaranteed.
3) The "read"-indicator and the "is writing"-indicator can be turned off for better privacy
4) Pay once for a lifetime license
5) After being delivered, the messages will be deleted from the Threema servers
6) The private key can be encrypted using a passphrase
7) Threema uses only permissions it really needs to work. The camera and microphone permissions are outsourced to separate plug-ins.
8) Address book synchronisation is optional
9) To ensure maximum security, both the connection between the app and the servers and the one between the parties communicating with each other are encrypted separately. The former is especially important as anyone capturing network packets (on public wifi for instance) can’t figure out who is messaging to whom.
10) Threema provides forward secrecy on the network connection (not on the end-to-end layer). Client and server negotiate temporary random keys, which are only stored in RAM and replaced every time the app restarts. An attacker who has captured the network traffic will not be able to decrypt it even if he finds out the long-term secret key of the client or the server after the fact
11) Users have total control over key exchange with encryption and decryption staying on their device only. The server operators or any other party are therefore unable to decrypt messages.
12) You can purchase Threema from its webstore (NOT Google Play Store) to avoid using Google Cloud Messaging (GCM) when it comes to push notification. Under settings/troubleshooting you can select Polling and Polling interval (5/15 out of 30 minutes). Threema will then poll the messages from the server just like IMAP polling without push. Messaging services using GCM for their alerts means Google can know when and who the messages have been send from/received.
13) The servers are located in Switzerland

Cons

1) Except for the encryption the rest is not open source. However, its source code has been independently audited
2) Another issue is when you have created a group but at a later stage you want to switch devices. Since the encryption happens on your device only, you won’t be able to continue with that group on another device. Even if you switch your identity over to another phone (this option exists), it still won’t help.
3) Messages do NOT self destruct on recipient devices. Some says this feature is useless since the recipient can always take a snapshot of the message on its device before it self destructs.

Threema — Secure Messengers.. or not so secure? Part 3
Reasons for using Threema [EN + GER] • r/Threema
Why I cant recommend Threema • r/Threema
I just learned about threema. Why should I use it over signal? • r/Threema

A comparison of Threema against other secure messengers is done here

Secure Messaging Apps Comparison | Privacy Matters