Threema, the Seriously Secure Messaging Application: Check It Out!

March 12, 2015
CTOvision

By May Gourley

If you’ve ever been worried that the messages you are sending your friends and co-workers via the normal texting applications were not secure enough and you felt unsafe giving out personal information, then Threema might be the application for you to use. What is Threema?

Threema is a mobile messaging app that puts security first. With true end-to-end encryption, you can rest assured that only you and the intended recipient can read your messages. Unlike other popular messaging apps (including those claiming to use encryption), even we as the server operator have absolutely no way to read your messages.

A company in Switzerland has created a secure application for messaging. Their encryption code guarantees that your texts and group messages will be private from third parties. When you add a friend to the application, whether from your contacts or by manually inputting a “Threema ID,” they will be categorized into verification levels, which indicate how trustworthy the contact's identity is. The three levels are red, orange and green:

  • Level 1 (red): the ID and public key have been obtained from the server because you received a message from this contact for the first time or added the ID manually. No matching contact was found in your address book (by phone number or e-mail), and therefore you cannot be sure that the person is who they claim to be in their messages.
  • Level 2 (orange): the ID has been matched with a contact in your address book (by phone number or e-mail). Since the server verifies phone numbers and e-mail addresses, you can be reasonably sure that the person is who they claim to be.
  • Level 3 (green): you have personally verified the ID and public key of the person by scanning their 2D code. Assuming their device has not been hijacked, you can be very sure that messages from this contact were really written by the person that they indicate.

The verification levels don’t change anything in the encryption strength (it is always the same high-grade ECC based encryption), but they are a measure of the trust that the public keys saved for your contacts really belong to them. Having the wrong public keys leaves you open to Man-in-the-Middle (MITM) attacks, therefore it is important to verify the keys.
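The trust model described above, sketched as an added Python example (not Threema's code and not part of the original article): a contact store that assigns levels 1 and 2 from server-supplied keys and grants level 3 only when an in-person scan matches the stored key. The function names, the "<ID>,<hex key>" scan payload, the 8-character ID check and the 32-byte key length are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):
    RED = 1      # key came from the server only
    ORANGE = 2   # server matched the ID to an address-book entry
    GREEN = 3    # key confirmed in person via a scanned 2D code

@dataclass
class Contact:
    threema_id: str
    public_key: bytes
    level: Level

class KeyMismatch(Exception):
    """Scanned key differs from the stored one: possible MITM."""

def add_from_server(store, threema_id, public_key, in_address_book):
    # Levels 1 and 2 both rely on the server having returned the right key.
    level = Level.ORANGE if in_address_book else Level.RED
    store[threema_id] = Contact(threema_id, public_key, level)
    return store[threema_id]

def parse_scan(payload):
    # Hypothetical payload layout "<ID>,<hex public key>" (assumption).
    threema_id, _, key_hex = payload.partition(",")
    key = bytes.fromhex(key_hex)  # raises ValueError on non-hex input
    if len(threema_id) != 8 or len(key) != 32:
        raise ValueError("malformed scan payload")
    return threema_id, key

def verify_by_scan(store, payload):
    threema_id, scanned_key = parse_scan(payload)
    contact = store.get(threema_id)
    if contact is None:
        # First contact made in person: the key never passed through the server.
        store[threema_id] = Contact(threema_id, scanned_key, Level.GREEN)
        return store[threema_id]
    if not hmac.compare_digest(contact.public_key, scanned_key):
        # Never overwrite silently: the stored key is not the one the person holds.
        raise KeyMismatch(threema_id)
    contact.level = Level.GREEN
    return contact

# Constructed sample keys; the 32-byte length is an assumption, not from the page.
GOOD_KEY = bytes(range(32))
ROGUE_KEY = bytes(32)
```

A mismatch leaves the contact at its previous level, so a substituted key surfaces as an error the user has to resolve instead of being promoted to green.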

After learning about Threema, I decided to test it out. I downloaded the application on both my phone and my tablet, using two different e-mail addresses to create two different accounts. When you create an account on Threema, you receive a Threema ID, which is a random string of letters and numbers. For example, the Threema ID on my tablet is W9W7B9DR, which is what can be used to search for my account. Of course, you are able to create a nickname for yourself, which the app suggests is only your first name or a pseudonym, which is much easier to read every time than that ID given. My phone app received the nickname May, while my tablet became May2. Since I had manually added my accounts to each device, they are both Level 1, since the application cannot securely determine who really is behind the messages.

Once I sent the message to my tablet, I found that there would be a symbol underneath the text showing me its status, like most texting applications. During my tests, I found four types:

  • a letter-like symbol, which means the message was sent (there was also a lighter grey symbol of the same type, which meant that it was currently sending to the server);
  • an inbox-like symbol, which would mean that the message was delivered, but not opened yet;
  • a check mark, meaning they have acknowledged the message (similar to the Facebook “like”);
  • and an eye symbol, which would mean they have seen the message.

Although I did not get the symbol, there would also be a red exclamation mark for an error, if the message would not be able to be sent.

I also attempted creating a group, with only my two accounts, and although these symbols do not appear in the groups, because of the possible large gatherings that could occur in these chats, each message appears with their sender’s ID and nickname, to distinguish the participants.

Overall, it works just as a regular texting application would, albeit with super effective encryption to keep your messages between only you and your recipient. The app is $1.99 on Google Play and the App Store, and it may be worth buying if the security of your conversations is a priority and you do not wish to have them fall into anyone else’s view. All data that is sent to their servers stays there only long enough to be sent to the recipient and is then wiped completely. This process keeps your messages safe and private, and keeps them from being collected to be sold to other companies or evaluated for ad purposes. The program was developed and made in Switzerland, and if we know one thing from their banking systems and army knives, it would be that they take security and privacy very seriously.

For more information, check out their website at https://threema.ch/en. You can find links to purchase the app on their site, as well.

Via CTO Vision