Encrypted IM app Threema now available for Android
The encrypted instant messaging (IM) app Threema is now available for Android. The application was previously only available for iOS and essentially works in the same way as the widely-used texting alternative WhatsApp with one crucial difference: Threema employs end-to-end encryption. Messages undergo asymmetric encryption before sending and can only be decrypted by the intended recipient.
To achieve this, the app generates a key pair consisting of private and public keys. Messages are encrypted using the recipient's public key, enabling the recipient to then decrypt and view the message using their secret private key. The process presupposes that the sender and recipient have previously exchanged public keys, ideally in person, as this ensures that the other party is indeed who he or she claims to be. To this end, Threema displays a QR code which the other party then scans using the camera on their smartphone. Where this procedure is used, the app assigns the maximum trust level, symbolised by the colour green, to the other party.
Since meeting up in person is not always practicable, Threema also offers the facility to exchange keys automatically over the web – in which case the app displays a lower trust level (yellow). A conversation partner gets assigned a medium trust level if their phone number or email address has been verified by the other partner. Messages are XSalsa20-encrypted using a 256-bit key derived using elliptical curves. Photos and location information are also transferred in encrypted form.
The Android version is available from Google Play for £1.37; the iOS version costs £1.49. The Android version currently supports smartphones only, but the developers have announced an update which will make Threema Android tablet-compatible.