What Threema can do is missing in WhatsApp
It’s not easy to combine security and ease of use. While WhatsApp chose ease of use, Threema’s healthy mix of both works quite well. For example, to create the secret key pair during app setup, Threema is offline. The private and public keys don’t leave the phone during installation – everything happens locally. While the public key must get distributed so that encrypted messages can be sent, the private key remains on the device used. From both key pairs, the recipient’s public key and the sender’s private key, the app calculates a third key that encrypts the message itself.
The message recipient decodes a message with his private key. The Threema Server does not decrypt information, so they cannot be given to any authorities. So if a Swiss court orders report according to Swiss law, this information cannot consist of sent messages. And the data would also otherwise look rather meagre: If the recipient retrieves messages, they get deleted from the server. IP addresses or traffic data (who sent which message to whom and when) are also not stored. If the user decides not to link the e-mail address and mobile phone number to his ID, this data is not stored on the servers either.