Threema is a paid cross-platform encrypted instant messaging app developed by Threema GmbH in Switzerland and launched in 2012. The service operates on a decentralized architecture and offers end-to-end encryption. Users can make voice and video calls, send photos, files, and voice notes, share locations, and make groups. Unlike many other popular secure messaging apps, Threema does not require phone numbers or email address for registration, only a one-time purchase. Threema is available on iOS and Android and has clients for Windows, macOS, Linux, and can be accessed via web browser but requires a mobile app to function.
The service claims to be based on the privacy by design principles by not requiring a phone number or other personally identifiable information. This helps anonymize the users to a degree.
Threema uses a user ID, created after the initial app launch by a random generator, instead of requiring a linked email address or phone number to send messages. It is possible to find other users by phone number or email address if the user allows the app to synchronize their address book. Linking a phone number or email address to a Threema ID is optional. Hence, the service can be used anonymously. Users can verify the identity of their Threema contacts by scanning their QR code when they meet physically. The QR code contains the public key of the user, which is cryptographically tied to the ID and will not change during the lifetime of the identity. Using this strong authentication feature, users can make sure they have the correct public key from their chat partners, which provides additional security against a Man-in-the-middle attack. Threema knows three levels of authentication (trust levels of the contact's identity). The verification level of each contact is displayed in the Threema application as dots next to the corresponding contact.
In addition to text messaging, users can make voice and video calls, send multimedia, locations, voice messages, and files.